Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

file.html

windows10-1703-x64

10

Analysis

  • max time kernel
    130s
  • max time network
    136s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15/03/2024, 11:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.html

  • Size

    266KB

  • MD5

    bac411fadea20ce1aaa9c9df7e0c0dd4

  • SHA1

    6a51bb2a0675195d56a521df0d556b3c4e2f2521

  • SHA256

    31ebc652356b72ebd8ceac76c277f73cd1511a46e05551a894d13e600e5dcf2a

  • SHA512

    6f7bc0299d9e67abd90915b3b9038ffe1b3b355eac1d919ce93960a8ae4684897aeece4f2b2df7a0a1850b29af794f464da30d3e2f897ceddc1127f7edb8cbc7

  • SSDEEP

    3072:niogAkHnjPIQ6KSEy/rHpPaW+LN7DxRLlzgbf:lgAkHnjPIQBSE6JPCN7jQf

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess 3 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\file.html"
    1⤵
      PID:2924
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Suspicious use of NtCreateProcessExOtherParentProcess
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2964
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:3256
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2308
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3728
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1096

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!121\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      Filesize

      4KB

      MD5

      1bfe591a4fe3d91b03cdf26eaacd8f89

      SHA1

      719c37c320f518ac168c86723724891950911cea

      SHA256

      9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

      SHA512

      02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF02BE16DA6B9FE373.TMP
      Filesize

      16KB

      MD5

      cb56ee5b5a106151405ff328d6b65036

      SHA1

      c9e1d4a8fb26429c1523708cfc6bc489153b3dbd

      SHA256

      6362759fa8759547e87064465d854d45d72317ac53c65b1d0aab5a8424e8bc3d

      SHA512

      4fd29450aad385de1910298ad585f8caf4fba0183edb1f162097369d087a9600de1721f7456537065df0d4043f609a099ddccb66d4da478079f6634a70491709

      Download Submit

    • memory/1096-55-0x000002C7A63B0000-0x000002C7A63B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1096-57-0x000002C7B7000000-0x000002C7B7002000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1096-59-0x000002C7B70C0000-0x000002C7B70C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1096-92-0x000002C7B6E00000-0x000002C7B6F00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1096-93-0x000002C7B7260000-0x000002C7B7280000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1096-109-0x000002C7B7640000-0x000002C7B7660000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2964-0-0x000001F8AC320000-0x000001F8AC330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2964-35-0x000001F8AC4D0000-0x000001F8AC4D2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2964-139-0x000001F8AC740000-0x000001F8AC742000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2964-142-0x000001F8AC700000-0x000001F8AC701000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-146-0x000001F8AC4C0000-0x000001F8AC4C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-16-0x000001F8ACC00000-0x000001F8ACC10000-memory.dmp

      Filesize

      64KB

      Download