Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
45s -
max time network
54s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
21/03/2025, 17:54
General
-
Target
https://is.gd/6xky4v
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/6xky4v1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffbef5bf208,0x7ffbef5bf214,0x7ffbef5bf2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1884,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=1972 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1940,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=1932 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2380,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=2436 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4820,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4816,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=3980 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4992,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=5252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5364,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=5404 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5752,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=5724 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5756,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6216,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=4804 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6524,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=6380 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6524,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=6380 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6688,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6792,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=6576 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6800,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=6828 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6756,i,15394055578504327786,11722368241299212274,262144 --variations-seed-version --mojo-platform-channel-handle=6860 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
40KB
MD5718b15c65b3d6bca8b9a5255b2c403ed
SHA1a6c6ad7620105e62f920ea34f3f713c680c1c4e8
SHA2561bd92ac2b8901a5020ea8cddc389da86b930e0296c26ce1e42a2ed166c594345
SHA5128361ae7e1292c45b5d49a37285b70432eb172417fe530d86acbdeb8c94fcd6b437b09f596ec4b8b25c442a24607dc54ea759b3276663409a442d192b6f0a7b4e
-
Filesize
280B
MD565044109d1beb8ed8d59560642cbc519
SHA10084485b0aa26069232fab51ee603682e8edfd17
SHA256a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d
SHA51296dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
16KB
MD54a53eae4bbfba15cfee8106fed03f742
SHA1b3949f6e2d3659767942293fecf0c4d6aaa76980
SHA256664565ccb0a71132163a64f05e363d5b7211be9f3cc3c31c70efca90bd9e2cb2
SHA512a2b2f3f0e85466d2e039bfee8af291268bedfdf729cc7ed497bb70c6f006289792befad522a2c190a9bd98923a215aa663cc302719528717cf0a846068a97643
-
Filesize
36KB
MD5a38e40111ca27ced212da3b610667132
SHA1e44e12e4db4d6264eda3486b9eb119d773d1e325
SHA2565618ce7c910e8743f0cb29427fc69f6b67a53bd3e3a732f3cd9ddb2e3dcf0bae
SHA5124a9cc04abc6a9be6ae9726588fa2040d8b637ea6f5378a7d038fe034b17fe09e8ae825f9b9e71cbdf4fcc28694399e783c130013684ed32632ccac606890f5d5
-
Filesize
72B
MD5fb09cbc61562dc02a6f15f8a83139b61
SHA16e52e416c075063e9d495f2769abf50f66f57b8a
SHA256ba20ae200712cd3099b04e5a827ca6a3457d2990283ecbfbc28ab30cdc2c9cbe
SHA5120c9ba48cc8d1e4f0cbb8154ad3ca4d0daa75a578ccd08990768aca2df9f609b3f725f1db78d1dc8caa9ada26dee4ac069a3f4505ec10d2856854454aa6655044
-
Filesize
48B
MD53b55f611ad42502046c4216f22e1c242
SHA11c7ba16cec2888dcb3cdb1595e90cc8562df56a0
SHA256078527073c422f5adfc27716e992dabb5dd4178fbcbc3453cc26af162efd22cb
SHA51224c582e0653161c0b1eb9160c0822ccbbf287fe399411c73917236c6e7d7c5f2b65f031e4542104e86bdce7e3a7f97d3b16e651d599fd964b3eb21b2b34d5b5c
-
Filesize
22KB
MD5279a93dbef8cf976c974c55426729d86
SHA1718da9909fbb82291a9ab8c6ad2e5ff1a4ce6cc0
SHA25697485280dd5efe2456265b7c99dadfd9e0818da35b253b43b59bf1c7e90260e3
SHA512a2c1d5bae147f60a864665afe4697adae1ddbb78a1829563dd056d4062d859c3f96a054565deb134d2e8d7056905fbb45330b857c2201d335d673d35d626afc0
-
Filesize
49KB
MD5fb5b9ae99a7debf27638bed0dcdae99f
SHA1a0a8c3570450c85b86125e08720ac84b7ab6570b
SHA2565668d8b078b359835a1db1ed87a72d1664d18221f754cbef50df2570dfda2423
SHA5125cc8be64f437aec5c02818b53516fb52168a75a2f8ec7e08d036ecfdf5d4f42edc5bf44b421a969d58ee709e3ccdfb3e1f889701b8651b612cb061ad7a536e54
-
Filesize
392B
MD5e8b08aa19e9f37d1cb2dae41a8491de5
SHA1123757dd8884d041d0b2d8aff2a23d88c2de86bb
SHA256efce458f245b9b369279be00468a8aa266812f5144fac897d414ad44b62b3e13
SHA512a494df58a318d0d8ec87d595e772448bd416a24f0849974c8f049336acc7bcb66329a4fd7badd4033ca054220a941c9f39d7ab684c3b0386bf37740a165dd150
-
Filesize
392B
MD54bf84683a3a67154a17da0060e33043c
SHA119491c2ac424c48f34539c164fe7e480ed435b4e
SHA2566b7a3ec65f7a840eaebb276f46863984ee649fb7aaae4719f7206af2cbf54a44
SHA512c0854b6f1a4663b2357e5e14cc1411900858170047a86318c9fa1bb81afdda5f0f077c2eb13a314aaacbc20fe61629b13fc0fe4b72816da5478f0bb7ca63580d
-
Filesize
2KB
MD5251a0dd5c2134320257711700ddda67c
SHA18a70855a9c88a8ca0e95fb84c0ecd61901f8c592
SHA25609676f0059ddc3fe8487c5286cedb1ca0b6d0052f956c340facd499d7a1ee3cf
SHA5122953df0293051b595760896331b436faad1d1a5f17fb9d7be6344c80c5e7b4ee71dffa540ca038b2391bb97601674b776bec79cbbae065329a3dc57f14676673