Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

URLScan

urlscan

1

https://www.mediafir...

windows7-x64

1

https://www.mediafir...

windows10-1703-x64

4

https://www.mediafir...

windows10-2004-x64

1

Analysis

  • max time kernel
    3s
  • max time network
    32s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    06/08/2023, 17:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.mediafire.com/file/xx8czot6x7qret1/%F0%9D%95%90%E1%AA%B5%E1%B7%8D%F0%9D%85%AE%CD%A2%CD%9E%E2%83%A1%F0%9D%95%81%DD%81%F0%9D%95%86%E0%BE%82%E0%BE%83A%CC%B7%DD%81%F0%91%80%B8%F0%9D%95%86%E0%BF%86%E2%84%A4%E2%85%88%D9%8B%E2%84%BF%DD%85%F0%9D%95%84%E0%BF%86%CC%AB%DC%BB%EA%99%AF%F0%9D%95%92%F0%9D%95%82%E2%85%87%E2%84%BE%EA%99%B3%E0%BF%86%E0%BC%91.zip/file

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://www.mediafire.com/file/xx8czot6x7qret1/%F0%9D%95%90%E1%AA%B5%E1%B7%8D%F0%9D%85%AE%CD%A2%CD%9E%E2%83%A1%F0%9D%95%81%DD%81%F0%9D%95%86%E0%BE%82%E0%BE%83A%CC%B7%DD%81%F0%91%80%B8%F0%9D%95%86%E0%BF%86%E2%84%A4%E2%85%88%D9%8B%E2%84%BF%DD%85%F0%9D%95%84%E0%BF%86%CC%AB%DC%BB%EA%99%AF%F0%9D%95%92%F0%9D%95%82%E2%85%87%E2%84%BE%EA%99%B3%E0%BF%86%E0%BC%91.zip/file"
    1⤵
      PID:4704
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:412
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:1216
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5048
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2712
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2148
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
        PID:4304

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\23J1CXIM\www.mediafire[1].xml
        Filesize

        13B

        MD5

        c1ddea3ef6bbef3e7060a1a9ad89e4c5

        SHA1

        35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

        SHA256

        b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

        SHA512

        6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\23J1CXIM\www.mediafire[1].xml
        Filesize

        1KB

        MD5

        95315bcf7cd5c5e4978c5d4fe15837bc

        SHA1

        2c0b8b5b54543d0e141d281cad58d65ef3b791d2

        SHA256

        38f912ce7c35c298c14bade9fb97115a664bce2d86b999a70f513c8c4b80f18b

        SHA512

        84a81a4f4f53b26fabfcec643f760ac3fd68326ab37435a2ba80ba45c1e67b0b80c8e6774d78ef6abdbb4c1b1b36ae1acbe1117bded0ee26465484a5478d2e4c

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\23J1CXIM\www.mediafire[1].xml
        Filesize

        1KB

        MD5

        e2f8985063ef8a74a392aa1017d19e85

        SHA1

        8d78617d2a5bee56155b7d13564b0cb78cd0ca47

        SHA256

        095447c4926255b4cac1ef595c0238e9d73014b02ab57cf8ac5a5ba5225e8d6c

        SHA512

        e2b8ebcbe41b0ba6501642ad2d95b7b0811587158b8ee9177b822e78e9f2707c704d810f99c6e8ecd042e7b77950f0ddecefb55e557984efbc41091c52dddc0b

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\23J1CXIM\www.mediafire[1].xml
        Filesize

        1KB

        MD5

        b5704d23b26b27aae3bd93823f2d4629

        SHA1

        b42d6fc8cfd886e57dfa00d9ffd62b393bfcc978

        SHA256

        1ab81a5ff9434b198c9e544cda1e1fa65ffc27b685853d366b5e0914e9ddb19e

        SHA512

        e9f3ff53c7988c91f9e4e32f9107b60e1a4808b550ef14a94f2d3cfd21945ecc6f571acf764a1c9d49a3809076dd5203fabec4cfc7f9fc3ac0d5260cda099cb0

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\23J1CXIM\www.mediafire[1].xml
        Filesize

        2KB

        MD5

        55f4e755e563c75eb2d0dd39b30cb1f8

        SHA1

        71158e385fca7c6a14548fc4c7a6b0619b79c477

        SHA256

        fb805d89f631d924c20da3ebdd3ad54d6e8dc32bcadfc813ece635aa7c3df42b

        SHA512

        555acb5c67c6abd7d137fe59662e51da328af889d349dae58344f8c258ae25dc0a7cc9db9976d83b74f79a983512766e923d467050163e954754361bbbb032e1

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
        Filesize

        392B

        MD5

        98d25a6dffcf319f2e0a407f1d54027b

        SHA1

        3bb8e4edc2840134ce21fa9d8317b9e3fc92614f

        SHA256

        bd48c87759b499993e807da41ff4c9236d3722c1a7bfa114ed84329b537c904b

        SHA512

        2916762368303cc9286d8efafcd998ac0d57ae08ecd62b1ef9e50cd4c538d42d800dd2dee1d017b94d40f7817a7d9e66d796dfea997819eb1e4e386cb552ec02

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\7VLXWNN0\favicon[1].ico
        Filesize

        10KB

        MD5

        a301c91c118c9e041739ad0c85dfe8c5

        SHA1

        039962373b35960ef2bb5fbbe3856c0859306bf7

        SHA256

        cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f

        SHA512

        3a5a2801e0556c96574d8ab5782fc5eab0be2af7003162da819ac99e0737c8876c0db7b42bb7c149c4f4d9cfe61d2878ff1945017708f5f7254071f342a6880a

        Download Submit

      • memory/412-120-0x0000025712C20000-0x0000025712C30000-memory.dmp

        Filesize

        64KB

        Download

      • memory/412-136-0x0000025712EE0000-0x0000025712EF0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/412-155-0x00000257101F0000-0x00000257101F2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/412-359-0x0000025719F60000-0x0000025719F61000-memory.dmp

        Filesize

        4KB

        Download

      • memory/412-363-0x0000025719F70000-0x0000025719F71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2148-355-0x00000242819C0000-0x00000242819C2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-446-0x0000024AFEBA0000-0x0000024AFEBC0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/2148-332-0x00000242814F0000-0x00000242814F2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-334-0x0000024281910000-0x0000024281912000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-336-0x0000024281930000-0x0000024281932000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-345-0x0000024281950000-0x0000024281952000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-348-0x0000024281980000-0x0000024281982000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-353-0x00000242819A0000-0x00000242819A2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-327-0x00000242814B0000-0x00000242814B2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-324-0x0000024281490000-0x0000024281492000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-322-0x0000024280BF0000-0x0000024280BF2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-319-0x00000242805F0000-0x00000242805F2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-240-0x0000024AFEAA0000-0x0000024AFEAC0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/2148-231-0x0000024AFE900000-0x0000024AFE920000-memory.dmp

        Filesize

        128KB

        Download

      • memory/2148-434-0x0000024283EE0000-0x0000024283EE2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-330-0x00000242814D0000-0x00000242814D2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-549-0x0000024283000000-0x0000024283100000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2148-621-0x0000024AFDC00000-0x0000024AFDC10000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-623-0x0000024AFDC00000-0x0000024AFDC10000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-635-0x0000024AFDC00000-0x0000024AFDC10000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-622-0x0000024AFDC00000-0x0000024AFDC10000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-638-0x0000024AFDC00000-0x0000024AFDC10000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-644-0x0000024AFDC00000-0x0000024AFDC10000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-640-0x0000024AFDC00000-0x0000024AFDC10000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-647-0x0000024AFDC00000-0x0000024AFDC10000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-648-0x0000024AFDC00000-0x0000024AFDC10000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-189-0x0000024AFDFE0000-0x0000024AFDFE2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-187-0x0000024AFDF20000-0x0000024AFDF22000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2148-185-0x0000024AFDF00000-0x0000024AFDF02000-memory.dmp

        Filesize

        8KB

        Download