Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Lossless S...ks.dll

windows10-1703-x64

1

Lossless S...ss.dll

windows10-1703-x64

1

Lossless S...ng.exe

windows10-1703-x64

7

Lossless S...er.exe

windows10-1703-x64

4

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Analysis

  • max time kernel
    315s
  • max time network
    389s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28/06/2024, 23:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lossless Scaling v2.9/LosslessScaling.exe

  • Size

    962KB

  • MD5

    4c8d9566dc1e5f1eae914a546ee819a0

  • SHA1

    8b16f43b0c84a43eecb24aad51d33795752a3b07

  • SHA256

    b5b9671a6e309afd15a595ca96ce2d294f26519c73e68c4909418a3129c6db68

  • SHA512

    5a7ded63ec2c6d3320d14bdc876c4f51c1a7c6e1c8a89028f646c03a2b393262db3b16d66b58903a83f0aa34218a8649aeeec0cf49a0ac9a404d29336bf85532

  • SSDEEP

    12288:ixNRPEDS4MCLSyf6mOuGyW38yHJc+CKtOaO5Z7WhaGwnzE4ZbuRCwmhI2J+0sDw8:irRWtMCLPf1Oi32OvzTo4ZiRlT/vl

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Lossless Scaling v2.9\LosslessScaling.exe
    "C:\Users\Admin\AppData\Local\Temp\Lossless Scaling v2.9\LosslessScaling.exe"
    1⤵
    • Checks computer location settings
    PID:2776
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:372
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:1288
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2152
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3284
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:4236
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:2564
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:504
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:316
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:4120

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    4KB

    MD5

    1bfe591a4fe3d91b03cdf26eaacd8f89

    SHA1

    719c37c320f518ac168c86723724891950911cea

    SHA256

    9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

    SHA512

    02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml
    Filesize

    74KB

    MD5

    d4fc49dc14f63895d997fa4940f24378

    SHA1

    3efb1437a7c5e46034147cbbc8db017c69d02c31

    SHA256

    853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

    SHA512

    cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\RSV0Y22T\dotnet.microsoft[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\RSV0Y22T\dotnet.microsoft[1].xml
    Filesize

    84B

    MD5

    eb2060f5d9654ca243fbced516d59565

    SHA1

    edeafdedbdded84bf0ff8c5353e307b466f762fb

    SHA256

    3c1dfed5de5927bbae276c5af49bdd38fe8cf7332dadd5406f469c17a68a9536

    SHA512

    b2d8875e678a9fc2145d6249fd997615e450ab50ee956c6817a66a64891b80ee5db70aa3a168f947739bdd6a6924105d0862be88a41de399379458a10dcee14c

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\8L81Y5DZ\favicon[1].ico
    Filesize

    161KB

    MD5

    8565042b6db20c23647202bf4b95f11b

    SHA1

    9f0829cb3ceef14ac10e0b66338d8b7243a09101

    SHA256

    dd7958526f6b8510fc2a9a675056d78e029e62015e8913dda574ff5797ddb969

    SHA512

    dbf692b7219a3ea993ab939442a843ffbc7bcfe63bc62117a14ed7e953ffce595393e9f950649aa609a7a9a94b56003ab84cb82edaf2db3e4551434204085b95

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QP6ZO89V\favicon[1].png
    Filesize

    7KB

    MD5

    9e3fe8db4c9f34d785a3064c7123a480

    SHA1

    0f77f9aa982c19665c642fa9b56b9b20c44983b6

    SHA256

    4d755ac02a070a1b4bb1b6f1c88ab493440109a8ac1e314aaced92f94cdc98e9

    SHA512

    20d8b416bd34f3d80a77305c6fcd597e9c2d92ab1db3f46ec5ac84f5cc6fb55dfcdccd03ffdc5d5de146d0add6d19064662ac3c83a852f3be8b8f650998828d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\ogptdbb\imagestore.dat
    Filesize

    163KB

    MD5

    a040b47aab4291e37aa61cfcb2c31dff

    SHA1

    d935710d670f3be1e100cd60965cd98b9f506fdb

    SHA256

    ef7e3410a6a21aa0f61c583ffa81b9a8f4e9db98c980823d1ff210ad6c433190

    SHA512

    18d859890013916f39e93865211e88f9d018137158cfd3caa36e16905a75fb1f9c01fef00217714f59f238022b546c9515a9ba1f9ede261c61b3cb953ccd5ea8

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFA9927D6E2F19C8CA.TMP
    Filesize

    36KB

    MD5

    08b658641f6550e1a730f611e61aaa65

    SHA1

    166773408410e2802f13a7fe3b4ec682a6eb2a35

    SHA256

    98471fee7223205fc048eb4ba5a647fd45f3d4c9ac73f6b24f5f24648a046107

    SHA512

    27b3d05efa4917b1639dae951258c2b57d465ac577a1f387885049a3514b08246dcbc5d6405b80986607cdfec70d0f44c790778079a32bb7085bbd66dfa3b81a

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JEXP5XSF.cookie
    Filesize

    279B

    MD5

    9d96e18c7e0543430d5865e76082161e

    SHA1

    1596b598226ba7d21828edb6d3b1400480935784

    SHA256

    8e04669652353c52016d4351d7b65f3c940659ecc5c07e0a6dbec48e9d8c8cb6

    SHA512

    b31390342b7ccfb2e3e779f330cbe17a537ea363bb08f8b5d3cfeec0d6d120aee26b3f83bd560328c7085601298a3aa38e6fb48cb2d34a2b10172582e5d587da

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
    Filesize

    471B

    MD5

    e4aab687777767aae1e948c7a567a284

    SHA1

    84104723a3188e50eca444c81a2199137f445364

    SHA256

    ba655a0ae56281a0b45f2974557e2764cfddb8cf7c20f59729d5bf44c0c304e5

    SHA512

    8458fda3de9dc783fc66f784b4d8fd97bbf828106a2209870c5ddd27281da9d2e8c0858deda00e6146a66fb6a5fd02fc87362d6a5cc4c5e2981c9c37f9af73e4

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
    Filesize

    471B

    MD5

    972258edbb685f2083ff4f67d8ebfff1

    SHA1

    fce3511b6dc5d5db713e26de3fe0e4cde0f80ca2

    SHA256

    d910ea290d03606c9c08af131be82a4d1aa85f41a604ff4917fe05dfdad334e3

    SHA512

    553c17b9f2083a978d69444a02369df97f500e29b7fccc8c1feaf0503331222c45127b52ecf4470a1865fc2df77da755f131b42d1a35f2a5a029c4fcdad8faff

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
    Filesize

    471B

    MD5

    3bd7efce74ac364ee1b748c648f968cc

    SHA1

    b045ae66be515891a489ff14a65c58de8cdfdefd

    SHA256

    31c947810e9e4897bb8a90aa9ed61c13e57434184a2f19fda35ee1d3f4dbf54d

    SHA512

    34b602d32b4adcdfb26143485efb565b5e99bee94ba0686e7b7cf48ae8d20e52a574274ec3666c3e31159a06b278209df2456f2a1d3a517811b6bb2a7022af2e

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
    Filesize

    412B

    MD5

    a8697e20338f0dc8e954cd5322f1fc1f

    SHA1

    6c04788801c793828ad314876c78bd657a811d4b

    SHA256

    37dc1702c8724fec6b472b60e7e961aed499b301958b45a69562ae5a5ef8e0fd

    SHA512

    c73f2cff05ae597e917b1e6c679dea70c4363a53c6c16324d75bbe29256926d200cfba125f944c07cd914dda914842fd8573441bb30c38afcdc883d82653fa7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
    Filesize

    412B

    MD5

    c0ea700cf409b6c880103a46602b72f8

    SHA1

    b680085db1a4b962c9f7a8a8a149a60c77146f8d

    SHA256

    b11975395dc05b037f015fc5897ad4bfd005cea1217bd844dfbb4f2d9c019199

    SHA512

    1b17144c0ac5ae24c089f91e4b96e3a43c6d5b69e1b55b5ff6977d1a114910b85b4c781bfe1b5b02dd084f293c157ad4ffbc888d2b3d7d5c582650971e76449c

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
    Filesize

    412B

    MD5

    a75145a4e448d57317f061e2dbf2e8bd

    SHA1

    1a569bf3d55b256133d44f81c6b8cb601f2ffc7d

    SHA256

    35450496538cff2a69e9570171e488c7e8e1d88ff2578a57878007245df1f442

    SHA512

    7618b6dbbdf8df7bb1925244529ca097cc1ef7ab858f522f7cb6cf6015d3c5febd443e1f1eb99ed28b2f24d064c5e6def81e6074e6fa1ce7f0ec1222f9e2bb80

    Download Submit

  • memory/372-78-0x0000020FEAD10000-0x0000020FEAD11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/372-77-0x0000020FEAD00000-0x0000020FEAD01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/372-35-0x0000020FE1C60000-0x0000020FE1C62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/372-16-0x0000020FE4720000-0x0000020FE4730000-memory.dmp

    Filesize

    64KB

    Download

  • memory/372-0-0x0000020FE4620000-0x0000020FE4630000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2564-211-0x000002B5EB790000-0x000002B5EB792000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2564-217-0x000002B5EB7F0000-0x000002B5EB7F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2564-215-0x000002B5EB7D0000-0x000002B5EB7D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2564-255-0x000002B5D5800000-0x000002B5D5900000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2564-219-0x000002B5EB900000-0x000002B5EB902000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2564-293-0x000002B5ECE60000-0x000002B5ECF60000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2564-221-0x000002B5EB910000-0x000002B5EB912000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2564-327-0x000002B5ECD60000-0x000002B5ECD80000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2564-326-0x000002B5ECD60000-0x000002B5ECD80000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2564-368-0x000002B5E6AC0000-0x000002B5E6AC2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2564-370-0x000002B5ECE20000-0x000002B5ECE40000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2564-389-0x000002B5E6730000-0x000002B5E6732000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2564-391-0x000002B5EB400000-0x000002B5EB402000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2564-213-0x000002B5EB7B0000-0x000002B5EB7B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2564-104-0x000002B5D5800000-0x000002B5D5900000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4236-61-0x0000021AE68B0000-0x0000021AE68B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4236-64-0x0000021AE68E0000-0x0000021AE68E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4236-66-0x0000021AE6A00000-0x0000021AE6A02000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4236-68-0x0000021AE6A20000-0x0000021AE6A22000-memory.dmp

    Filesize

    8KB

    Download