Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

50.html

windows10-1703-x64

4

Resubmissions

12/03/2024, 21:56

240312-1ttq5sdg39 4

12/03/2024, 14:31

240312-rvwgpaah9s 4

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/03/2024, 21:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50.html

  • Size

    162B

  • MD5

    b6a1a37fc4ff7a4133530bd086b1e7ca

  • SHA1

    67b4ee209cb3c69b38693c5884a8f5267c7407b5

  • SHA256

    9c8c654fe26ffff624d54b10e91c30938ac4019fe8c64eb6d739783b9b5f10d0

  • SHA512

    b572fd77899459294e8c437f5cfcaf092fa1021558ac8271e82cc57b1012c1c198899b8b303518c5910144a81e7f008524f8cf3b95bfefcc0f750a74a2e9b05a

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\50.html"
    1⤵
      PID:2880
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1488
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:308
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1772
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4160
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:4336
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:2380
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4000
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4192
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:2752

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      Filesize

      4KB

      MD5

      1bfe591a4fe3d91b03cdf26eaacd8f89

      SHA1

      719c37c320f518ac168c86723724891950911cea

      SHA256

      9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

      SHA512

      02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F99ZY69S\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FDQTN9TW\26b09a4a794ca131e59fbf0030997016a713557d6399[1].css
      Filesize

      75KB

      MD5

      d75bc33f0e1f113e13918a1574bed89e

      SHA1

      ce9524469a86d2cf429390d9a2b09151906f16f5

      SHA256

      c2815908a70bff8204d9c9dc034dd649f3f560a90112b11ddd5e0e53583bd39c

      SHA512

      151a8dfee28aaf232ed27150be0fd259b3c31f176187caf59ba231d067db9a6886bdf62e9bc73632cedd001847d7168fa2ad598e71b315385f547f899ec7361f

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FDQTN9TW\558cde7a50db876caca3946a417363544cdf22795dee[1].css
      Filesize

      10KB

      MD5

      2113b6560d12d0fbaafcb9b964364591

      SHA1

      781afbd9b39e0ccfd8f6a5d906a48639b62105e0

      SHA256

      02ed5fedd4d231fd7599d828707a1af9728f3dd33876047b5b045c1cec3f5d02

      SHA512

      78c3d3d5056ca06dfb66cfad0820de44b947859b4f886e21ecc6700ba31ee9b7f51faf45d100e6ae591147382cbf18c79c8b9d42ab2dcd93e4318227bd404a8e

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FDQTN9TW\analytics[1].js
      Filesize

      51KB

      MD5

      575b5480531da4d14e7453e2016fe0bc

      SHA1

      e5c5f3134fe29e60b591c87ea85951f0aea36ee1

      SHA256

      de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

      SHA512

      174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KLDCKYDM\a8be8588a2a84fe04f590fff4d22d3240fec8db00d26[1].js
      Filesize

      102KB

      MD5

      c798a00f7dbc5d3f6ee6312acd0de71f

      SHA1

      b10cb8252917f78ff5c5241a5cfd4654bff08772

      SHA256

      d627d0202c593e635bc9a662fc641090d0c6402dce8a2468aa8a0cdcee7c8d3f

      SHA512

      d6ec377b81fcbb89a8ccfba71ff4b0c6409e909ef89c4e51592f7b8997103cc2c5e5dd1f4f6e8225d6a5a87b8322e1ef962129723a539ca1ee3aebe4ad90b1e8

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KLDCKYDM\c7e6873b48d8435573010d7dbe3d9dc2c757b134938c[1].css
      Filesize

      5KB

      MD5

      8e61ebf5e7099224faae3ee61be0e439

      SHA1

      433ff93ebd0872fdb8750569824684eaee0dace1

      SHA256

      f653dbf761adb689f70bdfbc792ae65192e95b544d7e66dce483a4931b4c58e3

      SHA512

      f3a2c5b1471952950aebb30f6da4fdac54eafa8b5fdd66ca3d44171b0eec17a309460f15b22af8cec00da1703b89367db2348b12f0501c0f3ae3d3599040a741

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KLDCKYDM\jquery-ui[1].js
      Filesize

      458KB

      MD5

      c811575fd210af968e09caa681917b9b

      SHA1

      0bf0ff43044448711b33453388c3a24d99e6cc9c

      SHA256

      d2f0522008bff05c6434e48ac8f11f7464331436a4d5d96a14a058a81a75c82e

      SHA512

      d2234d9e8dcc96bca55fafb83bb327f87c29ae8433fc296c48be3ef8c9a21a0a4305e14823e75416951eecd6221f56fbbb8c89d44b244a27be7b6bea310f2fd1

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KLDCKYDM\warmup[2].gif
      Filesize

      43B

      MD5

      325472601571f31e1bf00674c368d335

      SHA1

      2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

      SHA256

      b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

      SHA512

      717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O7J6OFD6\58bc8d4199edc7d8a2f268882cc1093bfe848e8cb928[1].css
      Filesize

      11KB

      MD5

      dacb80dabfaebd8b5c696ca29bddd59e

      SHA1

      d10bdeb6162bb0591b13799eac711d320958d1c5

      SHA256

      6a13129c52b4af929efe3e1fddeceb315a4f8038ad01c469f8d45d5c19483ac9

      SHA512

      dc812155362dd80a49c903dd65953594c0c75b665425616f203ff77e78499174eb400d9ebbec5b670a46b81c316f166eeed202e6b965f0f02587a49f2ada61f7

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O7J6OFD6\jquery.min[1].js
      Filesize

      86KB

      MD5

      220afd743d9e9643852e31a135a9f3ae

      SHA1

      88523924351bac0b5d560fe0c5781e2556e7693d

      SHA256

      0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

      SHA512

      6e722fce1e8553be592b1a741972c7f5b7b0cdafce230e9d2d587d20283482881c96660682e4095a5f14df45a96ec193a9b222030c53b1b7bbe8312b2eae440d

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UKXZV4IH\8a94150d3b446d3729f5aa508c4b2e97e14f124ece37[1].css
      Filesize

      20KB

      MD5

      76b1bdbafa76a16eb077711e0852240f

      SHA1

      4eeaffc1d6645d958efdf93b127bd345134bdee0

      SHA256

      e72bfd5b2451298de330b65ffbf950c8f830c5d373435f26fce733e1264bef5d

      SHA512

      fa7e4606b736edfc15d42e00dc83e8e4ee20b8b79cd7c10b393d29ad220afb75fcad5b959b51fb37c74ee9970ebf80cd7a75d7e4e8be1bfa8ec3e79d2aca4cd1

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UKXZV4IH\8d84ec686b9960e5cf1a455c3048d30f6c0ae5264c18[1].css
      Filesize

      19KB

      MD5

      2727c215f1b26015043511e9735a46f7

      SHA1

      7d1dc9acca9b896d0e880973e33e339188fab602

      SHA256

      dbdcded3c4261a3c9d79cb3cf9e641744ad1f2db504690f3a1a06f6b3893dda4

      SHA512

      dc048227b3c80caf9ba2193d2f58af19745e1c4efb893ed742a8b54c25509072186c9141aa963e0454bbb91dcb3945ff3862ac09cc12471d5e9a357246104708

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\65Q3LHUG\www.bing[1].xml
      Filesize

      72KB

      MD5

      67489a23d3e1fdc6bc6888ca357e3b9b

      SHA1

      f637d2248b22026005f07a4191536e5a0bec121a

      SHA256

      3efd38e4610f08df937643c2f39d66be14f5a3126e3e057e0204557809624354

      SHA512

      d3540016bdc932040c4473c962aa6b8fa0a5a1231916ea62ef6a5c649125a55fce0a9f43102dd41b9387ca32544357141a66be2255ed6c0367bfeec4096912fc

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\C65JWETY\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\H5S1209W\favicon[1].ico
      Filesize

      37KB

      MD5

      231913fdebabcbe65f4b0052372bde56

      SHA1

      553909d080e4f210b64dc73292f3a111d5a0781f

      SHA256

      9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

      SHA512

      7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\pblyhkg\imagestore.dat
      Filesize

      46KB

      MD5

      9d71fac751be044ba836261b7d7e0be0

      SHA1

      3ba93dd7ba414bfc983c3f4b4979a5788af2ae42

      SHA256

      f556b47288ca935fc0ed1e6ad51c5b2057917fe225d1f694a09410695e57316b

      SHA512

      18652feb0ceb35f13498fc9b8c909604d10cd733d179927310a697f089618eb07f97ccbf69eb7c9ff8a1b0d4a47fc5d260d6a6eae51d6b84a580107a8a7f37d0

      Download Submit

    • memory/1488-0-0x000001A75A420000-0x000001A75A430000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1488-35-0x000001A75A5D0000-0x000001A75A5D2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1488-16-0x000001A75AC40000-0x000001A75AC50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-196-0x000001C778AE0000-0x000001C778BE0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4000-401-0x000001C766100000-0x000001C766200000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4000-412-0x000001C7557F0000-0x000001C755800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-413-0x000001C7557F0000-0x000001C755800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-414-0x000001C7557F0000-0x000001C755800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-415-0x000001C7557F0000-0x000001C755800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-416-0x000001C7557F0000-0x000001C755800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-417-0x000001C7557F0000-0x000001C755800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-418-0x000001C7557F0000-0x000001C755800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-419-0x000001C7557F0000-0x000001C755800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-421-0x000001C7557F0000-0x000001C755800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-422-0x000001C7557F0000-0x000001C755800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-423-0x000001C7557F0000-0x000001C755800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-424-0x000001C7557F0000-0x000001C755800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-410-0x000001C7557F0000-0x000001C755800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-411-0x000001C7557F0000-0x000001C755800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4000-376-0x000001BF015F0000-0x000001BF01610000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4000-246-0x000001BF01170000-0x000001BF01190000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4000-233-0x000001C779750000-0x000001C779770000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4000-199-0x000001C779520000-0x000001C779620000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4000-197-0x000001C779520000-0x000001C779620000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4000-194-0x000001C777720000-0x000001C777820000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4000-191-0x000001C777380000-0x000001C7773A0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4000-147-0x000001C776CB0000-0x000001C776CD0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4336-60-0x000001DE52BA0000-0x000001DE52BA2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4336-62-0x000001DE52C60000-0x000001DE52C62000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4336-64-0x000001DE52C80000-0x000001DE52C82000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4336-58-0x000001DE423E0000-0x000001DE423E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4336-56-0x000001DE423C0000-0x000001DE423C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4336-53-0x000001DE42390000-0x000001DE42392000-memory.dmp

      Filesize

      8KB

      Download