Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://www.mediafir...

windows10-2004-x64

1

Analysis

  • max time kernel
    587s
  • max time network
    598s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/03/2024, 18:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.mediafire.com/file/o6d6l9f711xfxg1/Image-Line+FL+Studio+Producer+Edition+v20.9.2+2963+Rev2.zip/file

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/o6d6l9f711xfxg1/Image-Line+FL+Studio+Producer+Edition+v20.9.2+2963+Rev2.zip/file
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4248
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff875df46f8,0x7ff875df4708,0x7ff875df4718
      2⤵
        PID:2700
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        2⤵
          PID:1580
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4356
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
          2⤵
            PID:2396
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
            2⤵
              PID:1372
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
              2⤵
                PID:2604
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
                2⤵
                  PID:4900
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
                  2⤵
                    PID:3164
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
                    2⤵
                      PID:4164
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1856
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                      2⤵
                        PID:2268
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
                        2⤵
                          PID:2504
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
                          2⤵
                            PID:5348
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
                            2⤵
                              PID:5356
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5076 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4100
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2560
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4924
                              • C:\Windows\system32\rundll32.exe
                                "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
                                1⤵
                                  PID:5644
                                • C:\Windows\System32\svchost.exe
                                  C:\Windows\System32\svchost.exe -k UnistackSvcGroup
                                  1⤵
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:5444

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  47b2c6613360b818825d076d14c051f7

                                  SHA1

                                  7df7304568313a06540f490bf3305cb89bc03e5c

                                  SHA256

                                  47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

                                  SHA512

                                  08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  e0811105475d528ab174dfdb69f935f3

                                  SHA1

                                  dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

                                  SHA256

                                  c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

                                  SHA512

                                  8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  1KB

                                  MD5

                                  8edeb42786e85931a905069058e08876

                                  SHA1

                                  83ca9965f265c7eb8d917ec6a9d69aea0d58f36d

                                  SHA256

                                  7c7862af8cd8c1feed112e13a160f3a5c6851ef830934e10fd71239ad02cae44

                                  SHA512

                                  e30ed8d4d8b7977153ae1fd85f274f0c13a70629b0b290ef71fac87227e8ca17d3c8de20b458a839c2ca084493511df1204e17d049c7dd9ad9c4334d9ec1416a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  111B

                                  MD5

                                  285252a2f6327d41eab203dc2f402c67

                                  SHA1

                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                  SHA256

                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                  SHA512

                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  5KB

                                  MD5

                                  318ff2b5f8beca84855cc53b792659fb

                                  SHA1

                                  b3a88412dee4cff64ea4e3ade44cc2472c6a47f3

                                  SHA256

                                  765b2e30e4237a22da175548b6307a64d9bc364d4b929f8cc85ab6b977ec04e7

                                  SHA512

                                  306c347264cdd79365145c420161e46128ebb9c62834989dda27bbba84f8338181e8b8f25d0952a2cbe647ff67e222ba8d820315a8191b296269c54307a40000

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  1dc8fd5dc82129ad00577471b5820ab8

                                  SHA1

                                  913dcfbaef419989685014b823da0642494eb6d8

                                  SHA256

                                  284612ad0106dedd1b82b78059a6cc79d2fffc6110317e9988a0a9909cb30a70

                                  SHA512

                                  2228d28be6cf29ac13cf0635e891ca94d2fe02f4f25bd98c82e3abf18e34720823b644cef59ccdf609c28f4d4f43250dd2f8d9febbd17bd6a3264c1de7582573

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  8KB

                                  MD5

                                  ca50aed274739185eec5ab8d1da056c4

                                  SHA1

                                  843f248e8330d3e503abfd228e488032522d93a9

                                  SHA256

                                  93a6c44a3b1e0a65827c49e7380af3993fb2e0309d3deba0536a3cdc2fba804d

                                  SHA512

                                  a78427e15822405c01431202f051742a63b9e9d8d9ec095a7fc664c73ec34d93d66b1393a0e99c8d45168c12198e78832a7ffbf15d0497e53bc13516fa816936

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  8KB

                                  MD5

                                  3f28e044cdc0d7a881661f887188399f

                                  SHA1

                                  cd069db3be22d0d4d5bc6f07a182072de1351f00

                                  SHA256

                                  e8189e608546028e7c9dfd06a5123d6e1590a601197c0e8e8f87a588db45f2c7

                                  SHA512

                                  fd57b66fe4f19b8fad74044e928a4448583242af240e28f7bc8b1f571e3daf369a3904f2801b9ca7e9f287f1691c902303356014cf96d9512db99bd9051e67da

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  2f04bd86fa5a29c091f480b5a0ab8449

                                  SHA1

                                  17ad71001216c59bb20bf7d423391fd86436f6e0

                                  SHA256

                                  f95ed5f54a4c4fcecc0be25ab2ddfb50c32158ed7fb691d7c7dcee67f75d48f8

                                  SHA512

                                  787305a751fddc32f6d4f698ca7431fe41f9bc874445eb4930e94cd015c868a911c82bbb3f07e0ca199b9ad4cd94add0ca5632caf23f526e63f506d0ef7fc4a2

                                  Download Submit

                                • memory/5444-271-0x0000022A9FCF0000-0x0000022A9FCF1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-277-0x0000022A9FCF0000-0x0000022A9FCF1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-268-0x0000022A9FCD0000-0x0000022A9FCD1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-269-0x0000022A9FCF0000-0x0000022A9FCF1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-270-0x0000022A9FCF0000-0x0000022A9FCF1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-252-0x0000022A97740000-0x0000022A97750000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/5444-272-0x0000022A9FCF0000-0x0000022A9FCF1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-273-0x0000022A9FCF0000-0x0000022A9FCF1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-274-0x0000022A9FCF0000-0x0000022A9FCF1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-275-0x0000022A9FCF0000-0x0000022A9FCF1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-276-0x0000022A9FCF0000-0x0000022A9FCF1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-236-0x0000022A97640000-0x0000022A97650000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/5444-278-0x0000022A9FCF0000-0x0000022A9FCF1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-280-0x0000022A9F910000-0x0000022A9F911000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-279-0x0000022A9F920000-0x0000022A9F921000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-282-0x0000022A9F920000-0x0000022A9F921000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-285-0x0000022A9F910000-0x0000022A9F911000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-288-0x0000022A9F850000-0x0000022A9F851000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-300-0x0000022A9FA50000-0x0000022A9FA51000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-302-0x0000022A9FA60000-0x0000022A9FA61000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-303-0x0000022A9FA60000-0x0000022A9FA61000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5444-304-0x0000022A9FB70000-0x0000022A9FB71000-memory.dmp

                                  Filesize

                                  4KB

                                  Download