Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

OvixGTALauncher.exe

windows11-21h2-x64

6

Resubmissions

05/01/2024, 03:13

240105-dq81bsghbk 3

05/01/2024, 03:09

240105-dnswbsggfn 6

Analysis

  • max time kernel
    133s
  • max time network
    147s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    05/01/2024, 03:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OvixGTALauncher.exe

  • Size

    1.1MB

  • MD5

    9d85f3708e601c563d9d9f688a950534

  • SHA1

    02c36ea71a8b3491c8cd984eec3c135854043b11

  • SHA256

    887452fc7a92bddff7567037127a0149a63301b0da14f244ae91f9430bb5c84a

  • SHA512

    1bee0af8c22e6a066fac9db6407693c376210a81c6f834bd9ab80f1e2c122bfd734ea1f9d32dd3f68bc7105bbd7ad28a918eeda0b9570ad087848390d7aa1426

  • SSDEEP

    24576:fd4ie1wNqDk1QjrPHJhQoOpNslyOdGMv7xt4xYE3Ofn4I3/VNIufDxyjgaIb48BE:fd4i+eQ/JhEXCyOPv9tY3en4I3/+64k3

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OvixGTALauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\OvixGTALauncher.exe"
    1⤵
      PID:4936
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4580
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
        1⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2796
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ff965d73cb8,0x7ff965d73cc8,0x7ff965d73cd8
          2⤵
            PID:1464
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
            2⤵
              PID:1840
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
              2⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:4220
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
              2⤵
                PID:2936
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
                2⤵
                  PID:3864
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
                  2⤵
                    PID:5240
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
                    2⤵
                      PID:816
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
                      2⤵
                        PID:5380
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3868 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:5464
                      • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4196 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2816
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
                        2⤵
                          PID:1564
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
                          2⤵
                            PID:940
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
                            2⤵
                              PID:1932
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
                              2⤵
                                PID:1836
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
                                2⤵
                                  PID:5548
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5729219033207765422,10679310935577773723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
                                  2⤵
                                    PID:5560
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2636
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:5312

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      ab16bd4ff2a8053c32cae8e2c4d25a66

                                      SHA1

                                      c1e041f30745a24f337adae3f4561d0f94f9e7cf

                                      SHA256

                                      5bafe572e81800f2a0bcd73872edb58a34972bf6134fac1432bdda1b7c0ebb70

                                      SHA512

                                      e4d7ee26645efa73e97b3453de0a3cf4a2374f758f625fac76e074c90413ad22fe17183e1611d5262cd1012da41a8d80b9718912af6bd5d807f4e972f591e69d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      312B

                                      MD5

                                      74ffe274ed6390041355f88c54b28506

                                      SHA1

                                      3e74670fbe9f9d13586463bb35e1823942498ec3

                                      SHA256

                                      09e60c6a9ddda6b1a71e667704fabe72e1ec071582f218c5a525c5df35a99983

                                      SHA512

                                      14c988d902f064b691d30b2a34ad19c9735982d11733b14206002c5f50903bb2db1be3c60691b4d9c9241fbb63bc15f8f92b2918a5e0ee24f80de80074c5c7ac

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      111B

                                      MD5

                                      285252a2f6327d41eab203dc2f402c67

                                      SHA1

                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                      SHA256

                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                      SHA512

                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      1KB

                                      MD5

                                      aae2bdd8733319a7c3d2575e787e3a07

                                      SHA1

                                      53549b45c353bc6fd8c80c421243c501d7751a93

                                      SHA256

                                      d0eb69f3a7ba897cd7f1a703c24cfe3122df3de0850f7f50774c932f3ccdacf5

                                      SHA512

                                      bf6ef8b8c8fb3345311bd49eabdc9384386cfb6e3bb9633e24cf6b0928f55761368f5bdc8b1f4ca6f2ffd4580aa8f9a67e9a6aba8f650de4b5490c359f45a305

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      4KB

                                      MD5

                                      f73d8aa1c5dc49738a434ee610a76f5d

                                      SHA1

                                      bbf81f73e686eca74de82d2a58aae62f2cf4fadf

                                      SHA256

                                      04af63c07ebaaaa3e12a5caaba4b0f5e454b58482f29da36fb042c14c12d6320

                                      SHA512

                                      597ebcc7995530da5c38d1dd0e0d9087cf647fa27c18231b34bf4dbe83beb2b86b18ccbf6fe69bf35031c2cdc3b315552c40cf0daaaafb0ebb9aa5744200a31d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      34e5b2077e77e880060ad186da8d3dd8

                                      SHA1

                                      f81799dec29d0fc6bc9ee94c1a26129696ef6ba0

                                      SHA256

                                      3d7a3e28337b452fa045b85f0692861437ec378de68f1713c61e08ddbeded16e

                                      SHA512

                                      eb2c5735e0379ec9f1b849f20289794c52bdc3ffb0e5c9720964c9dd548a13621aee3892f98ae9ab6f57ffca95a4be24030fec3fe8786275bdf0470441a9db69

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      31731803222f0f1f52864e45205bbc4f

                                      SHA1

                                      f1facc76d7b2203fc581edfb4cb986db7f793af2

                                      SHA256

                                      3ecd2325b4fe2fa24f174afb4b1096756b5af64f0094f35745290d3bfa2a5ccd

                                      SHA512

                                      ad8c61950b0f2180be05ffe85a6689a00e18060f15b765e1fb6f5afa04ca81dd7460b660cf17dbeca9178b202c1f3cf3292b1ce6e591d8d5420b683a8cde97fd

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      5529135a59cf1dc408c82cf6e2c94413

                                      SHA1

                                      eb0d9e6a20cfd4f2c816c3367787b596b99c05a7

                                      SHA256

                                      578574d77c6f49b39e6e8346a664c64fc18205bbfb902bcbdf70c04dceb49751

                                      SHA512

                                      238dcee89f3a1b6cd99aa43d0b710a2769d596dfb17e6b74cb7c14c6687a12c19ce0acb10b694b90058563bb429d9f2e2ea54e45035f555fbe6780d8aa336d5c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                      Filesize

                                      25KB

                                      MD5

                                      ac2b1e1028003f95bdb29d2cc74186dc

                                      SHA1

                                      b3d75c41f59e96148e07ba1c10d27f67adfc5d79

                                      SHA256

                                      8b5480e0e913fbfd94380c8b791244d03a71a0d054950836441425e1727ba383

                                      SHA512

                                      2b43d48f809212b459e53284446f0dfb23de64cbd251dd76350115910b11e4605469ddb41f2bd31aa9a98e652790d6928adee38b39d4fc4e9107e6a4f7d20e68

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      c8359c7dbaa04426072b054bf7179859

                                      SHA1

                                      daa3297f93804fe0332c341ff740e24617d2f77c

                                      SHA256

                                      7ac77f8d43a5eb32df4e897803cb007666193bc6cd33f8e3be7d6285f724082d

                                      SHA512

                                      6a91e53178c79dd1a44a76f5289a91e938961248e4e76c1e8c7be87cc53af52a811eba78f9b546b9aac548e9e2b10514670b29d1e603a3c0b2cb6581d487a64c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      42e67c341d039cc375615268a13d6014

                                      SHA1

                                      0a3aaaa90a39a86ae84444febed173d6719319dc

                                      SHA256

                                      45617b906b00fb89aea743c6faa44e6ea6112a8bdc0c1a9f6c7a7662d0943a58

                                      SHA512

                                      2466e91ae4ebb7368f685564d736f222b20336a6054440cd0a1ec6e267da08bbd21a9e0a69478f4b8c0a84fc7f50302b71bb089a629b8f8375adc2aae5e83405

                                      Download Submit