Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    300s
  • max time network
    295s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
  • submitted
    06/10/2023, 05:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5bv7Ru1.exe

  • Size

    100KB

  • MD5

    d69c0c0c0a7424a779f408469faba061

  • SHA1

    5a3ba35b72bb4dd2c84764d98d2018b2361cd7b8

  • SHA256

    e80cd316026da4995b6f4ea76703721619af396306e0d506434eb5f1935638a1

  • SHA512

    c62efeb0eb15c3a69dc0f6b5fd644a532cd3f56c3631f8cd82bb93aec89fe013e6f432da8d23e9c075ad78cac11e21896577b0f0e99ed29818ae3c4c4aa37d5a

  • SSDEEP

    1536:i7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfUwiAOG6:A7DhdC6kzWypvaQ0FxyNTBfUrt

Score
10/10
googlephishing

Malware Config

Signatures

  • Detected google phishing page
    phishinggoogle
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 7 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5bv7Ru1.exe
    "C:\Users\Admin\AppData\Local\Temp\5bv7Ru1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4788
    • C:\Windows\System32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\93A5.tmp\93A6.tmp\93A7.bat C:\Users\Admin\AppData\Local\Temp\5bv7Ru1.exe"
      2⤵
      • Checks computer location settings
      PID:4360
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1696
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:2308
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1372
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4148
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:4956
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:3452
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:3008
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2452
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:4340
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:2068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DZDMTHDJ\edgecompatviewlist[1].xml
    Filesize

    74KB

    MD5

    d4fc49dc14f63895d997fa4940f24378

    SHA1

    3efb1437a7c5e46034147cbbc8db017c69d02c31

    SHA256

    853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

    SHA512

    cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3WVDGHSZ\B8BxsscfVBr[1].ico
    Filesize

    1KB

    MD5

    e508eca3eafcc1fc2d7f19bafb29e06b

    SHA1

    a62fc3c2a027870d99aedc241e7d5babba9a891f

    SHA256

    e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a

    SHA512

    49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Z6MGG41U\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\DONN3IOV.cookie
    Filesize

    132B

    MD5

    8504faee8b16e23b2b7754b4feeddb13

    SHA1

    b719441919dc1c1865a902048ec75b36ecba2bfd

    SHA256

    7c204a4d3a0a6dabdef15c44beb26a8cfdcc3e791fa1a7bc16c07ffdf45435d3

    SHA512

    1d19bfa41f99252d42cfbb13c8ae4cb460440a2f460a333610a1645e974a9f6936e66c96a102c9e99f19fe3b46951648ede419d1fcbc53b1c66b89859b1d9659

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OBRTBP25.cookie
    Filesize

    132B

    MD5

    1abfa94c5fe4a3e4b67c8b1aa1f24c1e

    SHA1

    dfb90f1117ba69186a03327e40064f4178582268

    SHA256

    217abac3d7a61683571d1cfe2868324c4730dd4d9bb11e276fba32b07910286c

    SHA512

    e125f0463f955be5689e2edc64d1092103f27fce1ad09258ce6aeae4cde94ba4b36017be324e1fd00aa8a6cb4eb8bd01091d8074a9d15e544edaa29e29466789

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    6934ee6008ed72f8cdb002ac5bcfe504

    SHA1

    e8bf51fa6f9b401a3a9c1eea3e42ee91a95edb4b

    SHA256

    6d6c9256ca58921687bdb2d9d56602e5b3e32b7503b9112346430032539ef564

    SHA512

    41b3fc8a903765e95043b15e02b50305ccb1e15126fff5f61b5ef8aceeceaf5a04e9ff13864aa4f675070e61f28c02d26114cc4dfec5e150480ceb16a262883c

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    4KB

    MD5

    1bfe591a4fe3d91b03cdf26eaacd8f89

    SHA1

    719c37c320f518ac168c86723724891950911cea

    SHA256

    9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

    SHA512

    02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    ac89a852c2aaa3d389b2d2dd312ad367

    SHA1

    8f421dd6493c61dbda6b839e2debb7b50a20c930

    SHA256

    0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

    SHA512

    c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_87DCDABBB68171FA19C9A78DBA85E190
    Filesize

    471B

    MD5

    76393076ef81a61d8a8471472042632e

    SHA1

    7521cc0e132134af3e55647dd37b2cefaa0d9211

    SHA256

    319460b111788a5cbcdeea3d35a31efec6877fa2566e4106818f0bea0bbd9240

    SHA512

    f802098abc83340c90f64ba72725f2d69c610682eee3395412df496f430e560807783f95f73e3969122e740e991028513d7ff0d7a1d6c12f2bfa9d9afcb1827b

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    6d07b42b04c174fa154743c3a667283d

    SHA1

    cfa82bf7912d4efd38362ae839930b3af0fedffc

    SHA256

    4a4b7a3a0b8b97ed5dae69094f7f5031c62e36a3f079dc12eee3e1610a5f1ea4

    SHA512

    56f537f7bf3415d35c5e1f6615b36f9c2f1b21137f0067277e61da604a0c6bed68ee3d31fa66e88466661a1bc215a326479daef1d642357ec90c833421eaa3ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    302B

    MD5

    cadc7d15d6cf94e2f3afd87ec753cd3b

    SHA1

    5189498ff2793bd883b7dfd16bfa641c5d8555b5

    SHA256

    4e997465892b2dd627b34997c56df2db4d3a2e2417a318382e6cbe2a525d38d9

    SHA512

    d9d87c6ff75ffae85a3f8d894574877a6422fe6761fadc39d0ea3a46471b57f18afbbca516c9681465ca82885ef5d1e3b41854c4be7a54978435c7b71909210d

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    d1de185ff7da73ab2a25f1f515114758

    SHA1

    7f8735c1c708d067d30db038c13b85fda565de05

    SHA256

    25d8c9f7f313427a2e59e4690b2694cf41f78ed23c4e7978fd7886efbbf67d49

    SHA512

    f399cceeaea4e576ff2189eaccc702705527bbe1f642bf1fe695a8a786e1c53d11359a03e1f6726a4a71a08dd64ad5148f94bb4e15300f6b81f18f3bfd02fa16

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_87DCDABBB68171FA19C9A78DBA85E190
    Filesize

    406B

    MD5

    abbdbb42e06fdb1bcaaa3b048398238d

    SHA1

    b7b09ea996943cf9a9d79227234d806a10f7e109

    SHA256

    6217e48f0ab5bfbdcfecb8d692f78dc67cf9d7e3591029b2d9a2489ce8c6884f

    SHA512

    8bb37f4747621bdc95fed973a34847690fe61f0fbfccc5635b9771c71b57cffa70571187fef190c1ac41fdc480d157b8a8e1d46fe1793bffc8b3df0f8eec8f6d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\93A5.tmp\93A6.tmp\93A7.bat
    Filesize

    90B

    MD5

    5a115a88ca30a9f57fdbb545490c2043

    SHA1

    67e90f37fc4c1ada2745052c612818588a5595f4

    SHA256

    52c4113e7f308faa933ae6e8ff5d1b955ba62d1edac0eb7c972caa26e1ae4e2d

    SHA512

    17c399dad7b7343d5b16156e4d83de78ff5755d12add358bd2987ed4216dd13d24cfec9ecdb92d9d6723bb1d20d8874c0bad969dbec69eed95beb7a2817eb4fe

    Download Submit

  • memory/1696-37-0x0000024EE9930000-0x0000024EE9932000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1696-365-0x0000024EEFC30000-0x0000024EEFC31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1696-362-0x0000024EEFC20000-0x0000024EEFC21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1696-18-0x0000024EE9320000-0x0000024EE9330000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1696-2-0x0000024EE9120000-0x0000024EE9130000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3008-448-0x0000023E91600000-0x0000023E91620000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4340-463-0x00000216AE7B0000-0x00000216AE7B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4340-465-0x00000216AE7D0000-0x00000216AE7D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4340-467-0x00000216AE7F0000-0x00000216AE7F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4340-469-0x00000216AE9B0000-0x00000216AE9B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4956-347-0x0000027699B10000-0x0000027699B12000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4956-411-0x0000027699670000-0x0000027699690000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4956-375-0x0000027699DF0000-0x0000027699DF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4956-373-0x0000027699DE0000-0x0000027699DE2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4956-371-0x0000027699DD0000-0x0000027699DD2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4956-366-0x0000027699BC0000-0x0000027699BC2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4956-363-0x0000027699BA0000-0x0000027699BA2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4956-359-0x0000027699B50000-0x0000027699B52000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4956-352-0x0000027699D90000-0x0000027699D92000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4956-341-0x000002769B500000-0x000002769B600000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4956-328-0x0000027699A80000-0x0000027699A82000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4956-194-0x0000027699490000-0x00000276994B0000-memory.dmp

    Filesize

    128KB

    Download