Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10some-sampl...1.html
windows7-x64
3some-sampl...1.html
windows10-2004-x64
3some-sampl...0ff.js
windows7-x64
3some-sampl...0ff.js
windows10-2004-x64
3some-sampl...2.html
windows7-x64
3some-sampl...2.html
windows10-2004-x64
3some-sampl...04ed7b
ubuntu-24.04-amd64
6some-sampl...2.html
windows7-x64
3some-sampl...2.html
windows10-2004-x64
3some-sampl...60.exe
windows7-x64
some-sampl...60.exe
windows10-2004-x64
some-sampl...5f4.js
windows7-x64
3some-sampl...5f4.js
windows10-2004-x64
3some-sampl...5fc.js
windows7-x64
3some-sampl...5fc.js
windows10-2004-x64
3some-sampl...6fd.js
windows7-x64
3some-sampl...6fd.js
windows10-2004-x64
3some-sampl...ed5.js
windows7-x64
3some-sampl...ed5.js
windows10-2004-x64
3some-sampl...9.html
windows7-x64
3some-sampl...9.html
windows10-2004-x64
3some-sampl...bb5.js
windows7-x64
3some-sampl...bb5.js
windows10-2004-x64
3some-sampl...4.html
windows7-x64
3some-sampl...4.html
windows10-2004-x64
3some-sampl...e.html
windows7-x64
3some-sampl...e.html
windows10-2004-x64
3some-sampl...a4f.js
windows7-x64
3some-sampl...a4f.js
windows10-2004-x64
3some-sampl...0f6.js
windows7-x64
3some-sampl...0f6.js
windows10-2004-x64
3some-sampl...7.html
windows7-x64
3Analysis
-
max time kernel
145s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system -
submitted
17/02/2025, 20:54
Static task
static1
Behavioral task
behavioral1
Sample
some-samples-master/000c817925bc84f700337ac1307bb1b1.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
some-samples-master/000c817925bc84f700337ac1307bb1b1.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
some-samples-master/00c5a99a4a45fd4fa41f2a1dcf8690ff.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral4
Sample
some-samples-master/00c5a99a4a45fd4fa41f2a1dcf8690ff.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
some-samples-master/00d2876c4ad4ef3bfefe452f55da9432.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
some-samples-master/00d2876c4ad4ef3bfefe452f55da9432.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
some-samples-master/010c1e2ffb9d2fc30a429b7db204ed7b
Resource
ubuntu2404-amd64-20240729-en
ubuntu-24.04-amd64
Behavioral task
behavioral8
Sample
some-samples-master/0138333b333805fa0baf93f6d0ccf342.html
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral9
Sample
some-samples-master/0138333b333805fa0baf93f6d0ccf342.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
some-samples-master/0157d50dcd839afb5ec4b79cae965360.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral11
Sample
some-samples-master/0157d50dcd839afb5ec4b79cae965360.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
some-samples-master/015f8027e55c523a326dd06a1082b5f4.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral13
Sample
some-samples-master/015f8027e55c523a326dd06a1082b5f4.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
some-samples-master/019be7ae89b0e13eb1b0f1ceb1d355fc.js
Resource
win7-20250207-en
windows7-x64
Behavioral task
behavioral15
Sample
some-samples-master/019be7ae89b0e13eb1b0f1ceb1d355fc.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
some-samples-master/01ac76f3ad93c942aa0c88ff747d06fd.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral17
Sample
some-samples-master/01ac76f3ad93c942aa0c88ff747d06fd.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
some-samples-master/01c3927bd930a986d3eb6b8662527ed5.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral19
Sample
some-samples-master/01c3927bd930a986d3eb6b8662527ed5.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
some-samples-master/01cf52ba3d0b385551b1d9fcad2e7b59.html
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral21
Sample
some-samples-master/01cf52ba3d0b385551b1d9fcad2e7b59.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
some-samples-master/01d8f0b4a1bef3acef8ec448a640bbb5.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral23
Sample
some-samples-master/01d8f0b4a1bef3acef8ec448a640bbb5.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
some-samples-master/01e080585e79879ea4e54844a2737d84.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral25
Sample
some-samples-master/01e080585e79879ea4e54844a2737d84.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
some-samples-master/01ed8720e305d7f53ee7cf91f1e4ca8e.html
Resource
win7-20250207-en
windows7-x64
Behavioral task
behavioral27
Sample
some-samples-master/01ed8720e305d7f53ee7cf91f1e4ca8e.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
some-samples-master/02150a19ad62efe92ebb7bc8a15daa4f.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral29
Sample
some-samples-master/02150a19ad62efe92ebb7bc8a15daa4f.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
some-samples-master/02169ba27d563c5b0bcf3cae3910a0f6.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral31
Sample
some-samples-master/02169ba27d563c5b0bcf3cae3910a0f6.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
some-samples-master/027159c684c78666d4a1eac52f89cd57.html
Resource
win7-20241023-en
windows7-x64
General
-
Target
some-samples-master/01e080585e79879ea4e54844a2737d84.html
-
Size
11KB
-
MD5
01e080585e79879ea4e54844a2737d84
-
SHA1
1c2d8d126706957d316bd293d7ec54f18f61ec22
-
SHA256
80384e6d5c2d8f2ce64115b2e1b320513deaa08e5fc03f1b97807ada21937940
-
SHA512
95bda0feb277affebd2265162d47f5dd5cc039270083699d3690b1b5d3a08a30bf690fbc0d14394a71933d0a0111e403d3a4009d18a49bd9f53d611403e8e8ee
-
SSDEEP
192:TiqsJ3PqkDPkGYziiodcFm5b0bTqixwujunS10NA5XvXfxEFYVtjtqSMunoQq9i/:TifPHPkGYcdcFm5b0bTqixwujunSGNm1
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 448 msedge.exe 448 msedge.exe 4216 msedge.exe 4216 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4216 msedge.exe 4216 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4216 wrote to memory of 2684 4216 msedge.exe 84 PID 4216 wrote to memory of 2684 4216 msedge.exe 84 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 4536 4216 msedge.exe 85 PID 4216 wrote to memory of 448 4216 msedge.exe 86 PID 4216 wrote to memory of 448 4216 msedge.exe 86 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87 PID 4216 wrote to memory of 4160 4216 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\payload.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4216 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8310a46f8,0x7ff8310a4708,0x7ff8310a47182⤵PID:2684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5976682593726680156,16042967077998762479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:22⤵PID:4536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,5976682593726680156,16042967077998762479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,5976682593726680156,16042967077998762479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:82⤵PID:4160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5976682593726680156,16042967077998762479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵PID:1108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5976682593726680156,16042967077998762479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:12⤵PID:2188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5976682593726680156,16042967077998762479,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3120
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2752
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4560
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD525f87986bcd72dd045d9b8618fb48592
SHA1c2d9b4ec955b8840027ff6fd6c1f636578fef7b5
SHA256d8b542281740c12609279f2549f85d3c94e6e49a3a2a4b9698c93cca2dce486c
SHA5120c8a0d1a3b0d4b30773b8519a3d6e63d92973733da818ca9838599a9639e18df18ce31ebf56f46f6bbb7d89d10c726f4d73781e154d115a6068a3be7dd12b314
-
Filesize
152B
MD594bd9c36e88be77b106069e32ac8d934
SHA132bd157b84cde4eaf93360112d707056fc5b0b86
SHA2568f49a43a08e2984636b172a777d5b3880e6e82ad25b427fef3f05b7b4f5c5b27
SHA5127d4933fae6a279cc330fde4ae9425f66478c166684a30cec9c5c3f295289cf83cbdf604b8958f6db64b0a4b1566db102fbcbdcdb6eca008d86d9a9c8b252ff16
-
Filesize
6KB
MD5a30ca06b6a10df833639606041d5b539
SHA18d78fa633339b648867355a835dbfa20f3243809
SHA256fbcfc622a0865d446e4e18b8c047dd71d94c8cad76c18e215385160784a72e23
SHA5120b7bd939caf93a5f6ec4a4c2fdd89e5db5dd62d5b22456271ada2f7e30bab58f45a9a923d03f967a3ac16b8189c2c4cf554f5359b3b6bb950e3932e6df18454d
-
Filesize
6KB
MD57bad9bbdef7b5fa5953f80279e6a0dcf
SHA1a9ab8368c018de964e6d62a116d8d170a576b6eb
SHA2565743f76d0dddb68536b5a33aa35be51fb5ae8de441d46322800ed653c4dee77c
SHA51234dbc4cb6f00e0be2ee3bc11bb8a3ae9f92cbf031eec88a8e49d7e84fd7b4cb35033a35d71270dd88f94d746c4a375354fb1c5de050274168f3d69f619e4332d
-
Filesize
10KB
MD5aff17b9f7a7ad97a8f34d0d003604fe0
SHA12b58b6cbdda8806fd99e4a141a10537d5941352c
SHA256072642acf81c2c98aea9ffd6ff8dbb5af40fda3dabb150f24011d0909845c3ea
SHA51235ba2fed43ed51e2a9a4109acec791b8bd6194e9e0d3a41009aa7aceddac1e6fd712984576ed1d929fb2b7d8c3cbec837edc02151a7862b84ebbd744550005e2