Analysis

max time kernel: 97s
max time network: 148s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 26/01/2025, 01:22
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://u.to/LC_EIQ
Resource: win11-20241007-en

General

Target: https://u.to/LC_EIQ
Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)

pid | Process
2860 | msedge.exe
2860 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
2796 | msedge.exe
2796 | msedge.exe
2548 | identity_helper.exe
2548 | identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)

pid | Process
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
Suspicious use of FindShellTrayWindow (26 IoCs)

pid | Process
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
Suspicious use of SendNotifyMessage (12 IoCs)

pid | Process
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
1388 | msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)

description | pid | Process | procid_target
PID 1388 wrote to memory of 3032 | 1388 | msedge.exe | 77
PID 1388 wrote to memory of 3032 | 1388 | msedge.exe | 77
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 376 | 1388 | msedge.exe | 78
PID 1388 wrote to memory of 2860 | 1388 | msedge.exe | 79
PID 1388 wrote to memory of 2860 | 1388 | msedge.exe | 79
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
PID 1388 wrote to memory of 4852 | 1388 | msedge.exe | 80
Processes

Process tree (child processes are indented under their parent):

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u.to/LC_EIQ
  PID: 1388
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff82c083cb8,0x7ff82c083cc8,0x7ff82c083cd8
      PID: 3032

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
      PID: 376

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
      PID: 2860
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
      PID: 4852

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
      PID: 2496

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      PID: 728

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
      PID: 1952

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
      PID: 3920

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
      PID: 4228

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
      PID: 2016

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
      PID: 2796
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
      PID: 3116

    C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
      PID: 2548
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
      PID: 1140

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
      PID: 1728

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5858019086123009311,724602571942479059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
      PID: 4812

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2912

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4508
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: c0a1774f8079fe496e694f35dfdcf8bc
SHA1: da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3
SHA256: c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb
SHA512: 60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Filesize: 152B
MD5: e11c77d0fa99af6b1b282a22dcb1cf4a
SHA1: 2593a41a6a63143d837700d01aa27b1817d17a4d
SHA256: d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0
SHA512: c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Filesize: 5KB
MD5: ad67f26bb61954a0a686ade87d16c9be
SHA1: 78a21a053463a88e8db5c14ba55ccc0b07ee8707
SHA256: fd40137ac2f06e0dd2ebb9f275c4c079226cd78c42b096fd28999ef7d062ff0a
SHA512: f6ce2ffb119bef70d2a5efc628c79e4db08b9a3a7e7ec289aa9110fe2ef4acdba27f88fe69c506cb30685835fb777f8d33e86831f062bc81747446773e5d60db

Filesize: 5KB
MD5: 2c1e30e30a89cf176b1fa69d1efa2785
SHA1: 99d94dca0b78a29d5e3e2f575578df3010e913e6
SHA256: ac3c72337c537777527a48d1576453c708a355afc7673ca5c4001529df8b5364
SHA512: 0899c11dfe038c6d704933ba6d99d9fcdce4d6b1e52673fc23dd85bbcbe160e16008557188fab972dbb3c0bcdc8cddf186da9406e81d6c0f828c0b1f360eb163

Filesize: 6KB
MD5: e381185620532baf04d2c5f1c1c3ed87
SHA1: 9ac123dded5a5483bbb0bd613167795bbf0fd02a
SHA256: ec092d0293c56190349da375569187c31bce143ab5b7f492b71c8dae0cea2f85
SHA512: 38a0898421c7ced8ef30d8444c35e498f96ebd276b1b597ccb161a5d1091dd3de4054ba8b102c7af87c60b3cf2b62fd6826442179e4be0f8ac8322cc43fcef96

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 10KB
MD5: 064c6ce9f482b986654f60174f1b36db
SHA1: 2671a071df3c89c2c70a209ae2493a6d46fc2ffc
SHA256: 0f29d1765e542e36f8100d400a0fcbaf9ed4917498d1a1d1413d11a8447eee67
SHA512: 1c07088b129108f81445a6a188c64c860e8c1ef5e8f23deafb0aea48ac24605961e980730ef01dfc6fde758ed559584acb4437265750a7065d04c9cd433b38da

Filesize: 10KB
MD5: 169e27aeb8c7903073d94e1c1e99c05f
SHA1: a892e86ef83c8c0fda078a218b6d354d78d29d7b
SHA256: 8387caa1e1656737a837c94277f9b5f7c7795494061861b55d990d385ca2965a
SHA512: b627d52497f239b63a27029564e3a7676caa96a3b63b15ea0bcff50b2ed830fe84a5ac6860e30e600b58fcfa7d1e91f6c15104ad8dd328092448cdb6d62ee402

Filesize: 10KB
MD5: 2874b808c7b7fc7f1a2dc5ab3a440d8f
SHA1: da166e3dd6e7b071436fdb9b6bc57391ddb9a0ea
SHA256: 465ac6fffa1f233d099c5fb4d429782366964b1384178bf8c42cab7ec39217fd
SHA512: a251cbe95d8939e35544301d41e9b16024f4e8b2e9ed070233201fa2361e565984952be0eb0e2bed78a6906352236221558740e30fd9d32536628443f5192dc4

Filesize: 264KB
MD5: 8296eed9261018055bed4870bfe3ae1f
SHA1: 8b93d4f2cbbaf3f3656a1dc7963bff6364567039
SHA256: 69a603c64bdb54c662d145276e69922b1eac4992f8425c095c01ee3031350a1c
SHA512: 1cda37dcd55c1b06ca7c553b4b296fcff550fff9ca2d1e230d926eb78ac21d35f2ec8de012bb0798a7c7c4eeef52713c27bad1739d0bf6fb4e7dcdaa1e46bd84