Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Lossless S...ks.dll

windows10-1703-x64

1

Lossless S...ss.dll

windows10-1703-x64

1

Lossless S...ng.exe

windows10-1703-x64

7

Lossless S...er.exe

windows10-1703-x64

4

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Lossless S...es.dll

windows10-1703-x64

1

Analysis

  • max time kernel
    599s
  • max time network
    505s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28/06/2024, 23:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lossless Scaling v2.9/LosslessScalingBypasser.exe

  • Size

    52KB

  • MD5

    b89aac4b4b4738937e3a3901db37b7bb

  • SHA1

    58cb9024e6959cecddfb7ca2fe8d5821458fb727

  • SHA256

    de1c2dfbba1eac61a7e0a40d724578619165a927465ad6a3ca0782f23f3043f8

  • SHA512

    547c5ef22b4709c0ba2acfc2549d303c5b8bebef2cdbfea9968a85b5c7d373f8ff5b7c234d68a2d31b9da0abff56d5fec70a82d8613ab81ab47ea706a2b268a1

  • SSDEEP

    384:1mOmaYQZc69XGTExlw+TkmIbfWYvn58oCmDkUBPywC/ziEQKCKcFW:owve6rlT8bPZaiEQKCKmW

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Lossless Scaling v2.9\LosslessScalingBypasser.exe
    "C:\Users\Admin\AppData\Local\Temp\Lossless Scaling v2.9\LosslessScalingBypasser.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Users\Admin\AppData\Local\Temp\Lossless Scaling v2.9\LosslessScaling.exe
      "C:\Users\Admin\AppData\Local\Temp\Lossless Scaling v2.9\LosslessScaling.exe"
      2⤵
        PID:4436
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1736
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:3688
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3808
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:708
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4612
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4168
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1220
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:1916
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:4252
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1708

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      Filesize

      4KB

      MD5

      1bfe591a4fe3d91b03cdf26eaacd8f89

      SHA1

      719c37c320f518ac168c86723724891950911cea

      SHA256

      9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

      SHA512

      02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\MYJTK6TO\dotnet.microsoft[1].xml
      Filesize

      13B

      MD5

      c1ddea3ef6bbef3e7060a1a9ad89e4c5

      SHA1

      35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

      SHA256

      b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

      SHA512

      6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\MYJTK6TO\dotnet.microsoft[1].xml
      Filesize

      84B

      MD5

      f8a37bf48fd268ee8254264a428cd2fc

      SHA1

      3a79019a160625fc3bb32726cfb4c924eb600263

      SHA256

      70e2db353d94899d2f7c44b152f017501c34c83bef0633b445532a84f85780aa

      SHA512

      a9a42263255377f38318f65a56e310d71b726b59cf3a7ab3a16b7a09843655589967cb5cd299a7d03736609fbf00d9c83fe0106b1004643a3e2037af9d8fc391

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\A2RQPS9P\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EFIL538M\favicon[1].ico
      Filesize

      161KB

      MD5

      8565042b6db20c23647202bf4b95f11b

      SHA1

      9f0829cb3ceef14ac10e0b66338d8b7243a09101

      SHA256

      dd7958526f6b8510fc2a9a675056d78e029e62015e8913dda574ff5797ddb969

      SHA512

      dbf692b7219a3ea993ab939442a843ffbc7bcfe63bc62117a14ed7e953ffce595393e9f950649aa609a7a9a94b56003ab84cb82edaf2db3e4551434204085b95

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\hb7r7bl\imagestore.dat
      Filesize

      43KB

      MD5

      f1f0fa62d3b1702d9de8d38438221f41

      SHA1

      52e464297968ab0a312d7ff92d49ef270e890865

      SHA256

      34f9ebcf6414d011dda91a7fe71baf8ba21f077fafbfbeed8a75db85d48b1b0c

      SHA512

      06ff5007ee34a201ef3ebad04b4c1356e7415ea2a1e20b45d002971676c218c2ded586310a164bb9eb8ca28edc33b0a153fae042387174871a01d28ee5afff43

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HK9K3DVC.cookie
      Filesize

      247B

      MD5

      484fcbdc1a88e3ae2c07355716b31408

      SHA1

      4dbda2aee3193f4dd7371dcccdd614e08e320831

      SHA256

      42b813022a2bc7d1a400536d0387287adaac241e0598256576b057b1acc063cc

      SHA512

      e40d597d68a9bd7e2d4370968575e69615dedbcc1a1198973cb78c1553207162397f3146ef12e4fc513b94259aaa627ce093840045214b7a95390b511c4cca92

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LU2G20PZ.cookie
      Filesize

      560B

      MD5

      d2548fa1ea68904cba9c6ea28d4ffb32

      SHA1

      0e9cdf7a7de49f500f452b71445fc2f42ef7e54f

      SHA256

      ef7afbd72552676c6c035b00e3a5fab6b3997a520b584052372fbcfaf1d96a30

      SHA512

      45937746973c7fb2383c2a36d7653a28a21c1e1bd3e36ad6d021926e02d6abc7a60108c7b0c8a564dc36dac9764322541ace5522a621eb62c2084170a948187c

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
      Filesize

      471B

      MD5

      e4aab687777767aae1e948c7a567a284

      SHA1

      84104723a3188e50eca444c81a2199137f445364

      SHA256

      ba655a0ae56281a0b45f2974557e2764cfddb8cf7c20f59729d5bf44c0c304e5

      SHA512

      8458fda3de9dc783fc66f784b4d8fd97bbf828106a2209870c5ddd27281da9d2e8c0858deda00e6146a66fb6a5fd02fc87362d6a5cc4c5e2981c9c37f9af73e4

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
      Filesize

      471B

      MD5

      972258edbb685f2083ff4f67d8ebfff1

      SHA1

      fce3511b6dc5d5db713e26de3fe0e4cde0f80ca2

      SHA256

      d910ea290d03606c9c08af131be82a4d1aa85f41a604ff4917fe05dfdad334e3

      SHA512

      553c17b9f2083a978d69444a02369df97f500e29b7fccc8c1feaf0503331222c45127b52ecf4470a1865fc2df77da755f131b42d1a35f2a5a029c4fcdad8faff

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
      Filesize

      412B

      MD5

      8c9c2aed186088773c92956f0dd4629d

      SHA1

      6aa5d97f33c1b12f9ef456e876edbe916334b4c7

      SHA256

      67a73dfbb8ccf21a9306197f536be899e88945b8de12b5eae43a6162856d74e7

      SHA512

      93625488eeebdba47b76ddbea8422428e2fd3ae702bf2608c02bbee11614301bc1e182f7fe58a03d814951e7640c4e35ea3daf98760be6b02192021201193dd7

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
      Filesize

      412B

      MD5

      9197de3c947b639c1968bb0234871571

      SHA1

      335a3b3a88a0401490f4199c516c9b181e996d57

      SHA256

      cb27296f1333638fcdf21024d19be906801cdf690b4446f2e48a2533011617a0

      SHA512

      916fb3b9bf42bd36d218c027da476c3ecda767fd73e58e54ecca34059f1b59be444fa606237513a75e9d50527d8e016252de14bb8a3a97cb9dfb91eb2fdc251b

      Download Submit

    • memory/1708-507-0x000001EBC5400000-0x000001EBC5420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1708-512-0x000001EBC57C0000-0x000001EBC57E0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1736-19-0x0000023C1D020000-0x0000023C1D030000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1736-359-0x0000023C24300000-0x0000023C24301000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1736-38-0x0000023C1A4E0000-0x0000023C1A4E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1736-3-0x0000023C1CF20000-0x0000023C1CF30000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1736-358-0x0000023C23EF0000-0x0000023C23EF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4168-390-0x000001D85E800000-0x000001D85E900000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4612-179-0x000001FD96CD0000-0x000001FD96CD2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4612-339-0x000001FD97100000-0x000001FD97102000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4612-337-0x000001FD970F0000-0x000001FD970F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4612-328-0x000001FD97D00000-0x000001FD97D20000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4612-325-0x000001FD91C60000-0x000001FD91C62000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4612-283-0x000001FD97C40000-0x000001FD97C60000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4612-284-0x000001FD97C60000-0x000001FD97C80000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4612-248-0x000001FD97F00000-0x000001FD98000000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4612-201-0x000001FD92240000-0x000001FD92340000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4612-171-0x000001FD96AD0000-0x000001FD96AD2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4612-173-0x000001FD96AE0000-0x000001FD96AE2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4612-175-0x000001FD96AF0000-0x000001FD96AF2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4612-177-0x000001FD96CB0000-0x000001FD96CB2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4612-181-0x000001FD96CF0000-0x000001FD96CF2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4612-183-0x000001FD96E10000-0x000001FD96E12000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4612-167-0x000001FD96A90000-0x000001FD96A92000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4612-169-0x000001FD96AB0000-0x000001FD96AB2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4612-165-0x000001FD965F0000-0x000001FD965F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4612-63-0x000001FD80C00000-0x000001FD80D00000-memory.dmp

      Filesize

      1024KB

      Download