Resubmissions
- 28/01/2025, 10:14  250128-l96nbavraw  10
- 28/01/2025, 10:12  250128-l8jgdsvrgn  3
- 28/01/2025, 10:09  250128-l6zetsvrdn  4
Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/01/2025, 10:12
- Static task: static1
- Behavioral task: behavioral1 (Sample: sample.html, Resource: win7-20241023-en)
- Behavioral task: behavioral2 (Sample: sample.html, Resource: win10v2004-20241007-en)
General
- Target: sample.html
- Size: 270KB
- MD5: 330f0941aa62e18b70c9b4360bf343d9
- SHA1: eb22e6147fbb2b92b36a8db2d06f5366c9bb4c0d
- SHA256: 40f0a61db3e8d3a9214d8cdb4985e90321d7117508c16f569a57e72e42ce4b96
- SHA512: 6cb71a976fc59dd2857227a255184c9b84ff95071b52d10fe89969833915f8e87631cc72e7c7f3599b9c7ee6dd86a0f0c574911efb04256f9da310f3b8b07c9b
- SSDEEP: 3072:BLIAkp2SvaEvZ+pIhnrlf5RA+Jej3SN9A5VIcwoAwtN+25/jg+y:BLIAk8KaEvZ8IhJ5RNESNyIJ4g+y
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID / Process: 4976 msedge.exe, 4976 msedge.exe, 4404 msedge.exe, 4404 msedge.exe, 2360 identity_helper.exe, 2360 identity_helper.exe, 4452 msedge.exe, 4452 msedge.exe, 4452 msedge.exe, 4452 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  PID / Process: 4404 msedge.exe, 4404 msedge.exe, 4404 msedge.exe, 4404 msedge.exe, 4404 msedge.exe, 4404 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4404)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3224)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda8d446f8,0x7ffda8d44708,0x7ffda8d44718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4516)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4842258942843564180,18135633612763412813,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4976)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,4842258942843564180,18135633612763412813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4228)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,4842258942843564180,18135633612763412813,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2436 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2024)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4842258942843564180,18135633612763412813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1880)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4842258942843564180,18135633612763412813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1572)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,4842258942843564180,18135633612763412813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2360)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,4842258942843564180,18135633612763412813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4842258942843564180,18135633612763412813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4842258942843564180,18135633612763412813,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4842258942843564180,18135633612763412813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4492)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4842258942843564180,18135633612763412813,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4842258942843564180,18135633612763412813,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2872 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4868)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1168)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads