Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

URLScan

urlscan

1

https://undetek.com/...

windows10-1703-x64

4

Analysis

  • max time kernel
    129s
  • max time network
    130s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28/05/2024, 13:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://undetek.com/free-cs2-cheats-download/

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://undetek.com/free-cs2-cheats-download/"
    1⤵
      PID:2856
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3548
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • NTFS ADS
      PID:3336
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2080
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3796
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4920
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2500
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:3520
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1452
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\undetek-v6.0\undetek-v6.0\undetek-v6.0.exe
        "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\undetek-v6.0\undetek-v6.0\undetek-v6.0.exe"
        1⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4316
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        PID:396
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\undetek-v6.0\undetek-v6.0\undetek-v6.0.exe
        "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\undetek-v6.0\undetek-v6.0\undetek-v6.0.exe"
        1⤵
          PID:3372
        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\undetek-v6.0\undetek-v6.0\undetek-v6.0.exe
          "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\undetek-v6.0\undetek-v6.0\undetek-v6.0.exe"
          1⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4648
        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\undetek-v6.0\undetek-v6.0\undetek-v6.0.exe
          "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\undetek-v6.0\undetek-v6.0\undetek-v6.0.exe"
          1⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3600

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
          Filesize

          4KB

          MD5

          1bfe591a4fe3d91b03cdf26eaacd8f89

          SHA1

          719c37c320f518ac168c86723724891950911cea

          SHA256

          9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

          SHA512

          02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml
          Filesize

          74KB

          MD5

          d4fc49dc14f63895d997fa4940f24378

          SHA1

          3efb1437a7c5e46034147cbbc8db017c69d02c31

          SHA256

          853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

          SHA512

          cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3I1V3XS8\undetek[1].xml
          Filesize

          13B

          MD5

          c1ddea3ef6bbef3e7060a1a9ad89e4c5

          SHA1

          35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

          SHA256

          b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

          SHA512

          6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\57QJXHSK\undetek-favicon[1].png
          Filesize

          516B

          MD5

          fcba8f3f5b5286f3b0dbee7cb80bbafa

          SHA1

          5e4ea14d4488bdd044d0843446513d108188b35c

          SHA256

          79774fa5d9c05def012763414368475f8adc6c29bcaaa5ddb482bbbe2b86641b

          SHA512

          bc4b5dda5ca5c416de2ea7fd160ebcac89f20d40a8bd1f19785dcdd5b38a732fb2cfbf026d7946b96714df4d99ac15b3ec865aa74f156372fa89acb4fd8ccbb8

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TVIVSQH5\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WC8C72FW\undetek-v6.0[1].zip
          Filesize

          47KB

          MD5

          b7aa7cff5d06535aebbdef0be25f963b

          SHA1

          916739af78a1f098db4c2adb8e9594c225072dc0

          SHA256

          2d20dddc039f295e8aee5cf3ae68a006a51b36552f6d15515ce4b0fbd21d8372

          SHA512

          d38bdcdeb4e3f17387035ac98cd6be6fd62f5a27b065578dac8570d0b7fda6f71ba3c4e3e93e63cced585df8d22cace3d91c922fe7be7b21d270fbb7ee37514b

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          1KB

          MD5

          489a89b0a557696c6e623ab2079b74f7

          SHA1

          8775908130d6c010958c9ed6618e81708a17e411

          SHA256

          38185bd55754c319f0e381646cac1a4aeea31ee9a58ce47badc48df019b129d9

          SHA512

          01af148c30a65ffa93e68741d3a71a6c5e59842cb328c426cd4661aeb7cc756452309feb54fbcd46efaeffb1fb060ec7858511ea16be7c8df255f24cff2e7a62

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
          Filesize

          724B

          MD5

          8202a1cd02e7d69597995cabbe881a12

          SHA1

          8858d9d934b7aa9330ee73de6c476acf19929ff6

          SHA256

          58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

          SHA512

          97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          410B

          MD5

          44bf2d1fb4ba2c0a8befa8da6309408b

          SHA1

          648bac29cbaa1b91751ad8605fe84575690565ae

          SHA256

          febed3a05a061ea1c157faede8b67091a262c4473b3b569dd2716f49b041a7ac

          SHA512

          3dd36c82695f3007fe5693a6466d27aa6703ba1b8794bac51970fab7ac613311396690dc8117c2ac2421cdefcedca1fd0f76ac80c6dcb1c069661f10ea395307

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
          Filesize

          392B

          MD5

          18fae0901601d05d96fa30bd663472b3

          SHA1

          b45d5296e0878d1e12a086d18c18a09675f62f55

          SHA256

          520b915fb81c428ae2a623e105ebf2ac6f9f612450d8218190fc68ca28e1e8ba

          SHA512

          68a8f9ac312ac43e165c44ae143bf18959d6e3e03234344f50e7a7809c2ebc93f3b2ad436d5dbaa3a0f7c3f0fe48548079e935cf4b34dcb25e2cd7cb268881ad

          Download Submit

        • memory/3548-0-0x000002DB5F020000-0x000002DB5F030000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3548-295-0x000002DB65800000-0x000002DB65801000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3548-35-0x000002DB5C3E0000-0x000002DB5C3E2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3548-16-0x000002DB5F120000-0x000002DB5F130000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3548-296-0x000002DB65810000-0x000002DB65811000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3796-45-0x00000299C5EA0000-0x00000299C5FA0000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4920-68-0x0000020E1BAF0000-0x0000020E1BAF2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4920-193-0x0000020E2CA10000-0x0000020E2CB10000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4920-333-0x0000020E32500000-0x0000020E32502000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4920-351-0x0000020E2C9F0000-0x0000020E2C9F2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4920-354-0x0000020E2C310000-0x0000020E2C312000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4920-356-0x0000020E2C320000-0x0000020E2C322000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4920-167-0x0000020E2C9E0000-0x0000020E2C9E2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4920-165-0x0000020E2C8A0000-0x0000020E2C8A2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4920-163-0x0000020E2C7C0000-0x0000020E2C7C2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4920-159-0x0000020E2C760000-0x0000020E2C762000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4920-66-0x0000020E1BAD0000-0x0000020E1BAD2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4920-70-0x0000020E2C3B0000-0x0000020E2C3B2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4920-65-0x0000020E1B680000-0x0000020E1B6A0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/4920-61-0x0000020E1BE00000-0x0000020E1BF00000-memory.dmp

          Filesize

          1024KB

          Download