Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

URLScan

urlscan

1

https://thepiratebay...

windows10-1703-x64

4

https://thepiratebay...

windows11-21h2-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    11/05/2024, 09:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://thepiratebay.org/description.php?id=16076637

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: MapViewOfSection 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://thepiratebay.org/description.php?id=16076637"
    1⤵
      PID:2916
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4504
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:2076
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4828
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2856
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4540
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1132
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4152
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:484
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4912
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4252
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:772

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      Filesize

      4KB

      MD5

      1bfe591a4fe3d91b03cdf26eaacd8f89

      SHA1

      719c37c320f518ac168c86723724891950911cea

      SHA256

      9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

      SHA512

      02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L5P12AEX\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J5V6KJ4P\adManager.l[1].js
      Filesize

      321KB

      MD5

      77a73c56b4a23f02eed7c8822a4b1c19

      SHA1

      4c5ce5e16c673d0aadd6824f9874ce5460c03368

      SHA256

      9202c1d1e59554d3d9e63262942aecbbadfd32fb29df25930a5f5e3495682f08

      SHA512

      bacd23315ead79a101a4cd7b808eac17e51ce2673df382de33d73f00ac0b6d8be4ba9f1f6022f3fb2865f39a7b430175e2858bf441c12e3665352da2965f4b15

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J5V6KJ4P\adManager[1].js
      Filesize

      1KB

      MD5

      1e936cad37e18ba5bc2f07acd57447d6

      SHA1

      f55969248208bb6871e28b9478761ffb25207c35

      SHA256

      e98e6a93ea15df4d4fe1e38c890f29512d739f493428436defb914775df550f8

      SHA512

      87a585718ff8099836a389311a8997bc11ac650b376132332ef3a233fb40744df3ec5a89cc6a7e755482f4d048e98c21088c646f2f6f695f2e9b918c36632408

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J5V6KJ4P\blDQvtJyk[1].js
      Filesize

      32KB

      MD5

      f48baec69cc4dc0852d118259eff2d56

      SHA1

      e64c6e4423421da5b35700154810cb67160bc32b

      SHA256

      463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

      SHA512

      06fdccb5d9536ab7c68355dbf49ac02ebccad5a4ea01cb62200fd67728a6d05c276403e588a5bdceacf5e671913fc65b63e8b92456ca5493dae5b5a70e4a8b37

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NVPZ4UXF\thepiratebay[1].xml
      Filesize

      13B

      MD5

      c1ddea3ef6bbef3e7060a1a9ad89e4c5

      SHA1

      35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

      SHA256

      b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

      SHA512

      6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NVPZ4UXF\thepiratebay[1].xml
      Filesize

      1KB

      MD5

      ec427a59c5ce83f8c854d241088caac0

      SHA1

      5421264a03c8804136cc20da28ef6b7d05281a0f

      SHA256

      e01c989b4663ba6a225ea9e066cb35c75425a9db5b4d52c242f6800d03db61ff

      SHA512

      affb4007c3a3069e98d81c71b6d7efff5c71d68cb2c70f3863119e34b93cc743fab8a227cf331d8e4238cfd98c838c4768aa95e009a978bb0fde2c240b85a2bf

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NVPZ4UXF\thepiratebay[1].xml
      Filesize

      1KB

      MD5

      8d210de52938db7cf277cc3d9d13b66c

      SHA1

      b2abc8766975f0816cd5eb1e8d4cd20fbb73ee7a

      SHA256

      722694e44c4d377467a49c504c824fa4e70ed96cc517d54c64b9f813378d251e

      SHA512

      67e2a94c0e9f11fdb2b3279c5a0e1e47102d378d8e6e7da8f3c2bb16692fdd5c55aee3210feb2fd499792fa691df2c2014c9f9a2f9d5739e55f0c79f102d802e

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NVPZ4UXF\thepiratebay[1].xml
      Filesize

      365B

      MD5

      1767a1ba1077791d77aa6c8e88e238e0

      SHA1

      af49bb5056aa791b2f608ffbc58e22789e72de15

      SHA256

      f7b8abb8a84d51fd6b73c85a786e5a604cc5318a5fe63b08e14fed4199f13509

      SHA512

      822562651dbe32352a24b14426273f707df1e159666b55db7e6d6ac0a6ea521d858422b2bc9729ae030805f5ca8708e5bda767c00dd33a9c72ba79079d9cbe9f

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NVPZ4UXF\thepiratebay[1].xml
      Filesize

      365B

      MD5

      709dba011a6dcdce95abd58508cee7dc

      SHA1

      f4bd13dd270c3f52849bdde963c2dbb14779f9f2

      SHA256

      3c5a0397f1248cc6d7d4e3d190fc175a9a6df47b88bb13f87ffdfc20e0aa3ca6

      SHA512

      e78026d704157a58ed7a62ffb072b85221c5a5b35caa2d5bb0ec624a12fc38e83cd44c0eb8316a524b8e4f1342926e3e9ccadf9970e837b386e5559a1568ee2c

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NVPZ4UXF\thepiratebay[1].xml
      Filesize

      1KB

      MD5

      5ba0887947df4f27ea53a795e1e30283

      SHA1

      7288bbf3208c59c1a4cf866f11d7bdbe59f9cb51

      SHA256

      b9c80c236370a2d285f22c69c51a84ab7cb8d8dce4471a64b2a365f06af0d289

      SHA512

      c75d97b79b0857da6b27b1f5fa76661da2ad84f4415fba51de95ac726c112310578e1b6c29dcc9e2564d405fcf8f595aba628f9f1cca71f26b52abc01f1f4ef4

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NVPZ4UXF\thepiratebay[1].xml
      Filesize

      1KB

      MD5

      0679e341e6a5c0a28708c005c649af92

      SHA1

      d8facdc359c7dc01cf681543be69e05e352d0594

      SHA256

      e3e0b5f36db59d7a11f4f6e0f3c2826672c38f723ffcba31a01e7431d6da4e56

      SHA512

      1496fcb0520d85c20edf2d1c37473c2767e31edd8ad3a792214a0c8e7d1e2fe2c0a3d1165cdee18747e296dcedfbcf6080b504162f350069e95ca76a95081d18

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NVPZ4UXF\thepiratebay[1].xml
      Filesize

      1KB

      MD5

      79fcfde24e2546e78dc6f5fffb565bf7

      SHA1

      249d57658f67b704d0544aeeae9a267c7f3212cc

      SHA256

      eb3141e02180bf4fdda72040eeaa8e26ba943b218defb043b9ddfb485d2e0efc

      SHA512

      10681e1152d117b09c09d47866b60a651919357a183088c146ecf54781e03fe5fd5804728954a2bebea74726b0d2401468b8a30d45e86ff7faf9a23e7f804b47

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NVPZ4UXF\thepiratebay[1].xml
      Filesize

      1KB

      MD5

      97d4016af327ddf9c464517746eb8fb5

      SHA1

      76941c20fe7b5f655fdc6e73da0ece1ab229e3ef

      SHA256

      e872213d4ed8b82c4aa92612315cdebce3d14894d3217ff8748e756d214d6105

      SHA512

      d42d7f34eaafece280ba9087b2f4d78d829f417d921ec392bf561dad922a5dd97239020466de20b52fa16e5e6b76b62d027e7bfd2ac3273e8c95d6fe506fb1d7

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\DKQIJEC6\www.bing[1].xml
      Filesize

      97B

      MD5

      0639bd14a942b769526353161d93a984

      SHA1

      986ac49d26891a7f06fb1cc7108b13ad9f0fb074

      SHA256

      c986e0210ea6fa845ef368968974a4e7e5e2470d93d6ebdeece09c0ee6a62a5f

      SHA512

      2aa67e6c634d58f5fe695c1d5b15ad7d11fab85df66bbeb996a4b3e495386c0f68813f2d161627bd92d31ec23124d28de0039597ce0b046cfd67c3602af65260

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3YX1WY6F\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NL4IWYUX\favicon[1].ico
      Filesize

      824B

      MD5

      b407e86e0a33574c3079d83fe36e1da6

      SHA1

      fc0e3d17c0d17865a24f3bbb3afd8a1ed0bbea83

      SHA256

      fab9c76a90a2be44b10dfc214c044b7105fd02ac545b322ae3f1ac3a4c697ac3

      SHA512

      ad31f356e489007702798dc83c359b6fce8a41a20ac28e73bf6153e38896211036791b14d3f6826c27c8c2ba359e1cd4367907d068e9788697a657939ed41064

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NL4IWYUX\favicon[2].ico
      Filesize

      758B

      MD5

      84cc977d0eb148166481b01d8418e375

      SHA1

      00e2461bcd67d7ba511db230415000aefbd30d2d

      SHA256

      bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

      SHA512

      f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF3E58B74EBFEA81D0.TMP
      Filesize

      16KB

      MD5

      e018b9e7f74657f0223ebaa079edab8e

      SHA1

      05b2fe0b9daf32e91b38404a246b79df11a4825f

      SHA256

      5d2944d662392b7e5451266326fed3056663224353329ccfefebfbe430a718c1

      SHA512

      977d63c7ce666de5fc26d13ae31b0c33fac6a91512943ea41c3e72bf75708d5c9c5e6e17c6013d310b418863f7c10736f0332c9a9c9410e8b6f99a41c26d710b

      Download Submit

    • memory/2856-44-0x000002494E940000-0x000002494EA40000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2856-43-0x000002494E940000-0x000002494EA40000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4504-35-0x000001B0DFAE0000-0x000001B0DFAE2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4504-16-0x000001B0E0B20000-0x000001B0E0B30000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4504-250-0x000001B0E6EF0000-0x000001B0E6EF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4504-251-0x000001B0E7110000-0x000001B0E7111000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4504-0-0x000001B0E0A20000-0x000001B0E0A30000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4540-305-0x00000232C94F0000-0x00000232C94F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4540-338-0x00000232C8760000-0x00000232C8780000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4540-445-0x00000232C90A0000-0x00000232C91A0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4540-444-0x00000232C90A0000-0x00000232C91A0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4540-457-0x00000232CAE60000-0x00000232CAF60000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4540-502-0x00000232C6E40000-0x00000232C6E50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4540-505-0x00000232C6E40000-0x00000232C6E50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4540-509-0x00000232C6E40000-0x00000232C6E50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4540-511-0x00000232C6E40000-0x00000232C6E50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4540-510-0x00000232C6E40000-0x00000232C6E50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4540-334-0x00000232CABA0000-0x00000232CABA2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4540-427-0x00000232CC200000-0x00000232CC300000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4540-65-0x00000232C6E60000-0x00000232C6E62000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4540-59-0x00000232B6C00000-0x00000232B6D00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4540-309-0x00000232C9650000-0x00000232C9652000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4540-307-0x00000232C9500000-0x00000232C9502000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4540-62-0x00000232C6E30000-0x00000232C6E32000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4540-303-0x00000232C94D0000-0x00000232C94D2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4540-302-0x00000232C8A00000-0x00000232C8B00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4540-68-0x00000232C6F20000-0x00000232C6F22000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4540-287-0x00000232C7D00000-0x00000232C7D20000-memory.dmp

      Filesize

      128KB

      Download