Analysis

  • max time kernel
    300s
  • max time network
    287s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    24/02/2024, 18:29 UTC

General

  • Target

    manual/courses.htm

  • Size

    31KB

  • MD5

    2bcbf1a089d788b4e22682dc4dd3d50e

  • SHA1

    2d568e8f8a9cc1b0377c0ef4e858575c379face6

  • SHA256

    237c2a0692b7d2ad183965e241af66ec5d65ed0c4510b3719b9c36b86340e27a

  • SHA512

    b0470f8e696c4a574f15b3640697f86e46657836cd1eaaafa4e6a288ca28ad3588de41eb7c8e2c0d3cc5f051b095d9768f20f871937ae3bf152362ca5e6e0970

  • SSDEEP

    384:vOP5OBRO7dOHOBOPyyOLR+OOOlOmdOHdO0dOwOaBYOEOdzszzaztzOWOxOwOBON8:827cOt

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\manual\courses.htm"
    1⤵
      PID:2892
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:212
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:4336
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:512
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:488
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:5108
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:4280

    Network

    • flag-us
      DNS
      161.19.199.152.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      161.19.199.152.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      192.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      192.178.17.96.in-addr.arpa
      IN PTR
      Response
      192.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-192deploystaticakamaitechnologiescom
    • flag-us
      DNS
      43.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001a-msedgenet
    • flag-us
      DNS
      www.microsoft.com
      MicrosoftEdge.exe
      Remote address:
      8.8.8.8:53
      Request
      www.microsoft.com
      IN A
      Response
      www.microsoft.com
      IN CNAME
      www.microsoft.com-c-3.edgekey.net
      www.microsoft.com-c-3.edgekey.net
      IN CNAME
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      IN CNAME
      e13678.dscb.akamaiedge.net
      e13678.dscb.akamaiedge.net
      IN A
      23.37.1.217
    • flag-gb
      GET
      https://www.bing.com/cortanaassist/rules?cc=US&version=6
      MicrosoftEdge.exe
      Remote address:
      92.123.128.150:443
      Request
      GET /cortanaassist/rules?cc=US&version=6 HTTP/2.0
      host: www.bing.com
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
      dnt: 1
      Response
      HTTP/2.0 404
      cache-control: private
      content-length: 51415
      content-type: text/html; charset=utf-8
      content-encoding: br
      vary: Accept-Encoding
      p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
      x-eventid: 65da3658266042158db753682aebe885
      useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      x-error-page: 404-custom
      x-ua-compatible: IE=edge
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: EF678AED11774235A9AC65A3B997C6B3 Ref B: LON04EDGE0609 Ref C: 2024-02-24T18:32:56Z
      date: Sat, 24 Feb 2024 18:32:56 GMT
      set-cookie: MUID=14FB668F470668FC2F2472A0462169C7; domain=.bing.com; expires=Thu, 20-Mar-2025 18:32:56 GMT; path=/; secure; SameSite=None
      set-cookie: MUIDB=14FB668F470668FC2F2472A0462169C7; expires=Thu, 20-Mar-2025 18:32:56 GMT; path=/; HttpOnly
      set-cookie: _EDGE_S=F=1&SID=3F153E6EB15B62FB0F122A41B07C63F7&mkt=en-us; domain=.bing.com; path=/; HttpOnly
      set-cookie: _EDGE_V=1; domain=.bing.com; expires=Thu, 20-Mar-2025 18:32:56 GMT; path=/; HttpOnly
      set-cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Tue, 24-Feb-2026 18:32:56 GMT; path=/
      set-cookie: SRCHUID=V=2&GUID=0F2EDF7316F6480C854DE221DB7FBF3D&dmnchg=1; domain=.bing.com; expires=Tue, 24-Feb-2026 18:32:56 GMT; path=/
      set-cookie: SRCHUSR=DOB=20240224; domain=.bing.com; expires=Tue, 24-Feb-2026 18:32:56 GMT; path=/
      set-cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Tue, 24-Feb-2026 18:32:56 GMT; path=/
      set-cookie: _SS=SID=3F153E6EB15B62FB0F122A41B07C63F7; domain=.bing.com; path=/
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.96777b5c.1708799576.3d1ec51a
    • flag-us
      DNS
      150.128.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      150.128.123.92.in-addr.arpa
      IN PTR
      Response
      150.128.123.92.in-addr.arpa
      IN PTR
      a92-123-128-150deploystaticakamaitechnologiescom
    • flag-us
      DNS
      217.1.37.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.1.37.23.in-addr.arpa
      IN PTR
      Response
      217.1.37.23.in-addr.arpa
      IN PTR
      a23-37-1-217deploystaticakamaitechnologiescom
    • flag-us
      DNS
      0.205.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.205.248.87.in-addr.arpa
      IN PTR
      Response
      0.205.248.87.in-addr.arpa
      IN PTR
      https-87-248-205-0lgwllnwnet
    • flag-us
      DNS
      9.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.173.189.20.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls, http2
      MicrosoftEdge.exe
      1.2kB
      8.2kB
      15
      15
    • 92.123.128.150:443
      www.bing.com
      tls, http2
      MicrosoftEdge.exe
      1.1kB
      4.9kB
      15
      14
    • 92.123.128.150:443
      https://www.bing.com/cortanaassist/rules?cc=US&version=6
      tls, http2
      MicrosoftEdge.exe
      3.4kB
      59.7kB
      59
      55

      HTTP Request

      GET https://www.bing.com/cortanaassist/rules?cc=US&version=6

      HTTP Response

      404
    • 20.231.121.79:80
      322 B
      7
    • 8.8.8.8:53
      161.19.199.152.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      161.19.199.152.in-addr.arpa

    • 8.8.8.8:53
      192.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      192.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      43.229.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      43.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      200.197.79.204.in-addr.arpa
      dns
      73 B
      106 B
      1
      1

      DNS Request

      200.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      www.microsoft.com
      dns
      MicrosoftEdge.exe
      63 B
      230 B
      1
      1

      DNS Request

      www.microsoft.com

      DNS Response

      23.37.1.217

    • 8.8.8.8:53
      150.128.123.92.in-addr.arpa
      dns
      73 B
      139 B
      1
      1

      DNS Request

      150.128.123.92.in-addr.arpa

    • 8.8.8.8:53
      217.1.37.23.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      217.1.37.23.in-addr.arpa

    • 8.8.8.8:53
      0.205.248.87.in-addr.arpa
      dns
      71 B
      116 B
      1
      1

      DNS Request

      0.205.248.87.in-addr.arpa

    • 8.8.8.8:53
      9.173.189.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      9.173.189.20.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7HB61I1H\edgecompatviewlist[1].xml

      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PU9B6RB9\suggestions[1].en-US

      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    • memory/212-0-0x0000017744320000-0x0000017744330000-memory.dmp

      Filesize

      64KB

    • memory/212-16-0x0000017744B80000-0x0000017744B90000-memory.dmp

      Filesize

      64KB

    • memory/212-35-0x00000177446A0000-0x00000177446A2000-memory.dmp

      Filesize

      8KB

    • memory/212-94-0x000001774ABB0000-0x000001774ABB1000-memory.dmp

      Filesize

      4KB

    • memory/212-95-0x000001774ABC0000-0x000001774ABC1000-memory.dmp

      Filesize

      4KB

    • memory/5108-64-0x0000023164B00000-0x0000023164B02000-memory.dmp

      Filesize

      8KB

    • memory/5108-62-0x0000023153CF0000-0x0000023153CF2000-memory.dmp

      Filesize

      8KB

    • memory/5108-68-0x0000023164BE0000-0x0000023164BE2000-memory.dmp

      Filesize

      8KB

    • memory/5108-70-0x0000023164C00000-0x0000023164C02000-memory.dmp

      Filesize

      8KB

    • memory/5108-66-0x0000023164B20000-0x0000023164B22000-memory.dmp

      Filesize

      8KB

    • memory/5108-73-0x0000023164E20000-0x0000023164E22000-memory.dmp

      Filesize

      8KB

    • memory/5108-60-0x0000023153CE0000-0x0000023153CE2000-memory.dmp

      Filesize

      8KB

    • memory/5108-58-0x00000231538E0000-0x00000231538E2000-memory.dmp

      Filesize

      8KB

    • memory/5108-56-0x00000231538A0000-0x00000231538A2000-memory.dmp

      Filesize

      8KB

    • memory/5108-53-0x0000023153880000-0x0000023153882000-memory.dmp

      Filesize

      8KB
