Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

URLScan

urlscan

1

https://dioslc.share...

windows10-1703-x64

4

https://dioslc.share...

windows11-21h2-x64

1

https://dioslc.share...

android-11-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09/04/2024, 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://dioslc.sharefile.com/public/share/web-4bae243ffc7a4328

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://dioslc.sharefile.com/public/share/web-4bae243ffc7a4328"
    1⤵
      PID:3916
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4324
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:4720
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3116
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1860
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2688
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:4832
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2996
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
        PID:1364

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
        Filesize

        4KB

        MD5

        1bfe591a4fe3d91b03cdf26eaacd8f89

        SHA1

        719c37c320f518ac168c86723724891950911cea

        SHA256

        9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

        SHA512

        02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZDIGHWMN\edgecompatviewlist[1].xml
        Filesize

        74KB

        MD5

        d4fc49dc14f63895d997fa4940f24378

        SHA1

        3efb1437a7c5e46034147cbbc8db017c69d02c31

        SHA256

        853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

        SHA512

        cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\guide.-323232.1622565221517[1].css
        Filesize

        13KB

        MD5

        79e997ca126b2522cdb04fe90df21752

        SHA1

        9240fe86112391fe95c34f1e49e26c7fbc2b4722

        SHA256

        4b3a8a6f91f2f2b51fb6ab816435bd3e3b0c6622d005ba080333f49444083c85

        SHA512

        f97040e83a072f3385197118c0628c0f24693ef3c2aa98fe1f85da80af87a0d36825dd20301fc152e3b67011c1d83a2f08ec96c2785cc8bf54ec0ad0abb0b2ee

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\notice[1].js
        Filesize

        33KB

        MD5

        c06bec9b8b4f6c74c428b82916a8772d

        SHA1

        f84d0392bf826afda34ed01a17d8f39823def68f

        SHA256

        de3d8326aa5a1d20224bad2d954a71c015c17467351b41a6a8c62fc0edbbada8

        SHA512

        c592aed11cf0538232806ca348ed40637ba39a0860684ac2b03db6805e68af2f4088077ffd6a2761c1d2d7458b83738eab08a210ce0edaffaadca9d79211816c

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\pendo[1].js
        Filesize

        455KB

        MD5

        ab3fd0cb6314597ab80729e888511e18

        SHA1

        3dc53dc696df4a0487336f373ed4d89360d5c3c4

        SHA256

        1d2e5254aa8818e2199b5e2600199cf1039b294b419f1acbe8f768f4fe184313

        SHA512

        3ae87623dff8d3704ba5144fd864aafddf746060bc450f1b26f920c9dede663ef216cfff81a5d131d2882cc80de00d5eb9a762934dc141f0e1f89d9eff413762

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1E18XCS6\v1[1].js
        Filesize

        92KB

        MD5

        fd4c6774c4375af26d9d3052b630294e

        SHA1

        11275b2c3c04ccba7f38aba7e84850c97cac3075

        SHA256

        7904d8846e66f0c538335e696b4e06fe1d1d10f8856e275316d409efda45ead9

        SHA512

        9d6f053af487c11ffe97c1654b67f995dea2b76f954e200ff1b36ffe690499816f71d1dd5a942280f60a89a5b91ab3bc775e4b80c983bddc1265c876190e4661

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M7GNYNP5\warmup[2].gif
        Filesize

        43B

        MD5

        325472601571f31e1bf00674c368d335

        SHA1

        2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

        SHA256

        b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

        SHA512

        717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\39KYKMRZ\secure.sharefile[1].xml
        Filesize

        491B

        MD5

        3d197aacaca7325f4c154a0f5ab00a83

        SHA1

        555373efd3e5b9c8b21621451db67633cf7bef04

        SHA256

        82ff7ddfc181e512c30994c35eee7ebf73a7dd4d92bfc3130c85dd04c54dc487

        SHA512

        9b9b7ae7495d6fa235e70502b88ae988846c040b14821b8808356d934c101c4c8ab5dc8c1b599aa63f6ea5beadd418b7ba5b731a75bad957d10d790c9a608072

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\39KYKMRZ\secure.sharefile[1].xml
        Filesize

        787B

        MD5

        db9ca9e02065f51f26c1cd5479d6ece8

        SHA1

        47315c68a160134723da341a0cd6b41a77b43be4

        SHA256

        cc283c82243f9c5d4026d426f2ce9b820f2882d55eb6692a2241c66c36428e83

        SHA512

        e2b4f34735f5ce8905e7209d2bd6a874d567147830e2565448b37323a6feea1dd59a0f488cc7b42706a286b98c120e112ce6a5c4bc705749d1748382d4cbb124

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\39KYKMRZ\secure.sharefile[1].xml
        Filesize

        766B

        MD5

        4fad30b46376efbc4ccf986af44cf15e

        SHA1

        fcd33a1b38a8fdb92b3db55cd22f639ce83d339d

        SHA256

        a8595f1d6188539b4d82e5e10570bd9382f4f56e525cc085c47c612585f4438f

        SHA512

        f7fc96dd63331b153233414c5d1432e810e6a355f6ed1459a1007aaf9f48b40e4a7748b018376376c9996a3d7be0e9aae430c23a81b4394778e56f531554e2e8

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\39KYKMRZ\secure.sharefile[1].xml
        Filesize

        673B

        MD5

        2c0eb11a76b6e847207339b2b884baab

        SHA1

        6af3cbd4451ba62597b3542b030c34aa3e69de3f

        SHA256

        1e7127b7bb182abe9b4941e34de4420c658b28346a4c70751f242148fab38968

        SHA512

        a1d0d170d4782d575a71db8cd89a17bb30268fc508e411e82afb6c73a5bd983207267e8e90bb0719b67cbb71b921d1cb239b5bd7fbf34a840cdfa891006b4172

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\39KYKMRZ\secure.sharefile[1].xml
        Filesize

        787B

        MD5

        58306cee712e939908913f05416ae642

        SHA1

        ed3e371872529560b08cebd7e1ba6fbd41d8c89b

        SHA256

        c7e3a9239da145b1d6949e6e9b54797d5738214f4a1ae21c14999a09ff05ea66

        SHA512

        23e3ae1d7c2aaa01c6ead5d8eb2dc6856386f8fee0b241c04cc994bb53ea1475250c3e8094a2ea523470a9775be5638344c67771785a2b73a58445c99739cfdb

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\39KYKMRZ\secure.sharefile[1].xml
        Filesize

        673B

        MD5

        232a9dcb15068016ed15a735326403ab

        SHA1

        b6ed7a09a06e2493792b496bfe0956d1edddd3cc

        SHA256

        ba7350a809ea81a36915e381f2a5715042f59a3326aea6467b94e63668d48b16

        SHA512

        3a85a2156dc533febcbe37eacc9788e59dc38c9b71b4a06c4d5771595b92825dcd62e834e106fb21d91414ceb6061a897cd7e84ee3d3241df5a17632c03d0d7b

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4PVGC4I5\favicon-32x32[1].png
        Filesize

        1KB

        MD5

        392332967f1bc39c81892195954a7a74

        SHA1

        b785f74316dadbc1a4766ff207621217c9e4ef8a

        SHA256

        69af998f2bf5fad67d50e7ad437b3dd8905dd8bf76aa3bd14bc7a28c5f7205e0

        SHA512

        406b1e9a5d21e42aa911fc0e560557f7e48d0c87c5462cfc2cbc971f82838717e3d8f7523190f7e4a2e941e56108fb0b53271d9db3f35bb6bd17a968b1c79fdf

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4PVGC4I5\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit

      • memory/2688-332-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-313-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-319-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-323-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-324-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-325-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-326-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-329-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-330-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-74-0x0000018447440000-0x0000018447442000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2688-333-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-334-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-336-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-337-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-338-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-76-0x0000018447460000-0x0000018447462000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2688-78-0x0000018447520000-0x0000018447522000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2688-317-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-356-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-357-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-358-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-359-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-316-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-315-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-314-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-318-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-312-0x00000184368F0000-0x0000018436900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2688-130-0x0000018448700000-0x0000018448800000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2688-123-0x0000018447E40000-0x0000018447E60000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4324-350-0x00000201BBC40000-0x00000201BBC41000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4324-349-0x00000201BBC30000-0x00000201BBC31000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4324-0-0x00000201B5620000-0x00000201B5630000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4324-35-0x00000201B2B90000-0x00000201B2B92000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4324-16-0x00000201B5E00000-0x00000201B5E10000-memory.dmp

        Filesize

        64KB

        Download