Analysis

max time kernel:  149s
max time network: 151s
platform:         windows10-2004_x64
resource:         win10v2004-20241007-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted:        29/01/2025, 01:54

Static task:  static1
URLScan task: urlscan1
Malware Config
Signatures
Detected potential entity reuse from brand STEAM.
  flow  pid   Process
  32    2200  msedge.exe
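The brand-reuse signature is attached to the network service process (PID 2200 in the process tree below), so it fires on content served for the submitted URL, not on the hostname. A complementary check a triage analyst runs on the URL itself is shown here as an added example; it is not code from the tria.ge report or from Hatching, and the list of legitimate Steam domains and the digit-for-letter map are assumptions made for illustration. It generalizes beyond this sample by also catching brand tokens placed in a subdomain and common leet substitutions.

```python
"""Brand-token lookalike check on a submitted URL's hostname.

Added example, not part of the tria.ge report. It flags a registrable
domain that carries a brand name somewhere in its owner-controlled labels
(after undoing common digit-for-letter substitutions) while not being one
of that brand's legitimate domains. BRAND_DOMAINS and LEET are ASSUMED
lists kept small for illustration.
"""
from urllib.parse import urlsplit

# brand token -> registrable domains the brand legitimately uses (ASSUMED)
BRAND_DOMAINS = {
    "steam": {"steampowered.com", "steamcommunity.com", "steamgames.com"},
}

# digit/symbol-for-letter substitutions seen in lookalike domains (ASSUMED)
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a"})


def registrable_domain(host):
    """Last two labels of the host. A public-suffix list would be needed for
    multi-label suffixes such as co.uk; that is out of scope here."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    return ".".join(labels[-2:])


def decode_idn(host):
    """Turn punycode labels (xn--...) back into Unicode so the brand token
    can be matched; leave the host alone if it is not valid IDNA."""
    try:
        return host.encode("ascii").decode("idna")
    except (UnicodeError, ValueError):
        return host


def brand_lookalike(url, brands=BRAND_DOMAINS):
    """Return [(brand, registrable_domain)] for every brand whose token appears
    in the host's owner-chosen labels while the domain is not on the brand's
    legitimate list. An empty list means no lookalike was found."""
    host = urlsplit(url).hostname
    if not host:
        return []
    host = decode_idn(host).lower().rstrip(".")
    domain = registrable_domain(host)
    if domain is None:
        return []
    # Everything except the TLD is chosen by the registrant (or the attacker).
    owner_labels = ".".join(host.split(".")[:-1]).translate(LEET)
    hits = []
    for brand, legit in brands.items():
        if domain in legit:
            continue  # a real subdomain of the brand, e.g. store.steampowered.com
        if brand in owner_labels:
            hits.append((brand, domain))
    return hits


if __name__ == "__main__":
    for u in ["https://steamtickets20.com/s/JGTQ1",          # the submitted URL
              "https://store.steampowered.com/app/10",       # legitimate
              "https://login.st3am-help.net/x",              # constructed: leet
              "https://steamcommunity.com.evil.net/"]:       # constructed: subdomain
        print(u, "->", brand_lookalike(u) or "no brand lookalike")
```

Treat a hit as a reason to look harder at the page content (which is what the entity-reuse signature already did here), not as a verdict on its own: marketing and fan sites legitimately embed brand names, and a two-label registrable-domain heuristic misjudges hosts under suffixes such as co.uk.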
Enumerates system info in registry    2 TTPs    3 IoCs
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses    10 IoCs
  pid   Process              count
  2200  msedge.exe           2
  4024  msedge.exe           2
  4540  identity_helper.exe  2
  1896  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary    7 IoCs
  pid   Process     count
  4024  msedge.exe  7

Suspicious use of FindShellTrayWindow    25 IoCs
  pid   Process     count
  4024  msedge.exe  25

Suspicious use of SendNotifyMessage    24 IoCs
  pid   Process     count
  4024  msedge.exe  24

Suspicious use of WriteProcessMemory    64 IoCs
  description                        pid   Process     procid_target  count
  PID 4024 wrote to memory of 4572   4024  msedge.exe  85             2
  PID 4024 wrote to memory of 2764   4024  msedge.exe  86             40
  PID 4024 wrote to memory of 2200   4024  msedge.exe  87             2
  PID 4024 wrote to memory of 3452   4024  msedge.exe  88             20
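Every WriteProcessMemory entry above has the browser process (PID 4024) as the writer and one of its own child processes as the target, which is how a Chromium-based browser sets up the processes it spawns, so the signature fires on any Edge launch. The check below separates that pattern from writes anywhere else. It is an added example, not code from the tria.ge report or from Hatching; the PROCESSES and WRITE_EVENTS tables are transcribed from this report, and the entries marked CONSTRUCTED (PID 9999, notepad.exe) are not in the report and exist only to exercise the alerting path.

```python
"""Triage of sandbox WriteProcessMemory events against the process tree.

Added example, not part of the tria.ge report. A write is treated as
expected when the target was spawned by the writer and the target's image
lives under the writer's install directory (which covers helpers such as
identity_helper.exe in a versioned subdirectory). Anything else is
returned for review. PROCESSES and WRITE_EVENTS are transcribed from the
report; entries marked CONSTRUCTED are invented to show a hit.
"""
import ntpath

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"

# pid -> (parent_pid, image path), parent links as in the report's process tree
PROCESSES = {
    4024: (None, EDGE),    # browser process, launched with the submitted URL
    4572: (4024, EDGE),    # crashpad-handler
    2764: (4024, EDGE),    # gpu-process
    2200: (4024, EDGE),    # network service (carries the brand-reuse signature)
    3452: (4024, EDGE),    # storage service
    2708: (4024, HELPER),  # identity_helper.exe in the versioned subdirectory
    9999: (1234, r"C:\Windows\System32\notepad.exe"),  # CONSTRUCTED, not in report
}

# (writer_pid, target_pid, count) from the "Suspicious use of WriteProcessMemory" table
WRITE_EVENTS = [
    (4024, 4572, 2),
    (4024, 2764, 40),
    (4024, 2200, 2),
    (4024, 3452, 20),
    (4024, 9999, 1),  # CONSTRUCTED, not in report
]


def is_own_child_in_same_install(writer, target, processes):
    """True when `target` was spawned by `writer` and its image sits under the
    directory of the writer's image. Windows path handling via ntpath so the
    check behaves the same on any host OS."""
    if writer not in processes or target not in processes:
        return False
    parent, target_image = processes[target]
    if parent != writer:
        return False
    writer_dir = ntpath.dirname(processes[writer][1]).lower()
    return target_image.lower().startswith(writer_dir + "\\")


def triage_writes(processes=PROCESSES, events=WRITE_EVENTS):
    """Return (expected_count, findings): the number of writes into the
    writer's own same-install children, and one dict per writer/target pair
    that does not fit that pattern (unknown target pids land here too)."""
    expected = 0
    findings = []
    for writer, target, count in events:
        if is_own_child_in_same_install(writer, target, processes):
            expected += count
            continue
        findings.append({
            "writer": writer,
            "writer_image": processes.get(writer, (None, "?"))[1],
            "target": target,
            "target_image": processes.get(target, (None, "?"))[1],
            "count": count,
        })
    return expected, findings


if __name__ == "__main__":
    expected, findings = triage_writes()
    print(f"{expected} writes into the browser's own children (expected for Edge)")
    for f in findings:
        print(f"REVIEW: pid {f['writer']} ({f['writer_image']}) wrote {f['count']}x "
              f"into pid {f['target']} ({f['target_image']})")
```

The same parent-child rule explains the NtCreateUserProcessBlockNonMicrosoftBinary entries, which are the same PID 4024 creating those children; what would merit attention is a write from a browser process into a process it did not spawn, or into one living outside its install directory, and that is the only case the example reports.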
Processes

PID 4024  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamtickets20.com/s/JGTQ1
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  PID 4572  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd747d46f8,0x7ffd747d4708,0x7ffd747d4718

  PID 2764  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12989409981899714555,6205102823594235877,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

  PID 2200  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12989409981899714555,6205102823594235877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    Signatures:
      - Detected potential entity reuse from brand STEAM.
      - Suspicious behavior: EnumeratesProcesses

  PID 3452  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12989409981899714555,6205102823594235877,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8

  PID 1940  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12989409981899714555,6205102823594235877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

  PID 3516  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12989409981899714555,6205102823594235877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

  PID 3692  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12989409981899714555,6205102823594235877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

  PID 2124  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12989409981899714555,6205102823594235877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

  PID 4244  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12989409981899714555,6205102823594235877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

  PID 2708  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12989409981899714555,6205102823594235877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 /prefetch:8

  PID 4540  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12989409981899714555,6205102823594235877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 /prefetch:8
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

  PID 3620  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12989409981899714555,6205102823594235877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1

  PID 3052  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12989409981899714555,6205102823594235877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

  PID 1896  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12989409981899714555,6205102823594235877,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5312 /prefetch:2
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

PID 2996  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1020  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
  MD5:    99afa4934d1e3c56bbce114b356e8a99
  SHA1:   3f0e7a1a28d9d9c06b6663df5d83a65c84d52581
  SHA256: 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
  SHA512: 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Filesize: 152B
  MD5:    443a627d539ca4eab732bad0cbe7332b
  SHA1:   86b18b906a1acd2a22f4b2c78ac3564c394a9569
  SHA256: 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
  SHA512: 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 432B
  MD5:    c309b087f6942a57263a4cff72b55372
  SHA1:   325021308eeb4f44aeaff54249c2ffff703ec1e7
  SHA256: 8bc229755f8f157758b9da47a718047367406dbf76c0afb9c638f10487ad2eb2
  SHA512: 457b3ede4b3c51ea1ae554b7ed6e2638a283dd1ca816d9ae274302f8578b0779b9299bcace653be1a13cfff82f0659df9a41d19bfc6623c1b17e9261e14e81dd

Filesize: 503B
  MD5:    5be568cee5711ce9d439a0393d6ab897
  SHA1:   19f012f9274280b68c9d4b9d7e4f0c4858826325
  SHA256: 33c09fd29638f3f6946c6db087b7e31430e7f54979ca1b11af2f12856a4627fa
  SHA512: c943d51e39c4fa23b7154f4dc528d92ed4817e5d09a923c63caf45df39e16d5bd5ead61c2736abb3a22206679228da8f23010f736403e156f452c0815bfd012b

Filesize: 111B
  MD5:    285252a2f6327d41eab203dc2f402c67
  SHA1:   acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize: 6KB
  MD5:    1e849be0a561b6d110710c1fccc56dcf
  SHA1:   76dce1a1b7d094abecf21af51bdbe158ddc93871
  SHA256: 25d58666f204e5206313fcb07534f11e4a65296a8ab81d1ec18e0f4375dcfe04
  SHA512: bd3a37be44b0b75f08aa2622179a195bde01c1ada2a9e3f7f06d9c204dc69eb674901528070aa4b243eb085f2e687c655ba8cb74141dad74a9728f8df35553ef

Filesize: 5KB
  MD5:    906f39b2bc8509cba13903b965fc1729
  SHA1:   b8de18caef8025c818266838eeeb2b5351edbfa6
  SHA256: 39190d0caf03d448c2595f5eaf7168f3b917cba2acdb973f2c1c7b4a465b8562
  SHA512: 829be3c842707a588dbd475a47d6a517c1708a50a25f8e269aa3d9ce4b74bff072ffe1c1e53a7f5e3c9598c25b518c0c87c621a72717fabc6f9474acdcf59d98

Filesize: 16B
  MD5:    46295cac801e5d4857d09837238a6394
  SHA1:   44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
  MD5:    206702161f94c5cd39fadd03f4014d98
  SHA1:   bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 10KB
  MD5:    816a4d0608bbb91f5819ddf7ae849eeb
  SHA1:   decd80b708adc90da290b517ca23b2073e560a84
  SHA256: 9d91527b4b266e354c9fdec46d9584d6de8fb501273a34d85fb4ade496224eb2
  SHA512: 88e0889b5cd5ea5204c66910b39ee5a765b4c677422534cdf78006f92169a826e78b0b599ca549d7addcb4df279ea797029ca443b2a413510b35acaafe0e100b