Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://photospace.l...

windows10-1703-x64

4

https://photospace.l...

windows10-1703-x64

8

https://photospace.l...

windows7-x64

1

https://photospace.l...

windows10-2004-x64

10

https://photospace.l...

windows11-21h2-x64

10

Analysis

  • max time kernel
    182s
  • max time network
    187s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    13/07/2024, 20:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://photospace.life/P3Y1A5

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 46 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://photospace.life/P3Y1A5"
    1⤵
      PID:1644
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4568
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:4972
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4936
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3676
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4332
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:2844
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:5064
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:1908

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Y74PW0K\hcaptcha[1].js
      Filesize

      380KB

      MD5

      e5f6f819663927b1cb8f28843f35aa64

      SHA1

      e171ae6690d1752ab28414444d623181ff808593

      SHA256

      c2aee5e4e7e4c0b6e15d4645e62ac949441031c1c966451f988885a43c13b099

      SHA512

      8e48046e21a08ae5ff5728906e7dba45f04cb9ffdccbadbc010bca68f89779dc9800f835793048d328639ca66fca620e76c41d03371e9419f910cce4c1975466

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NA9L9PSJ\ify[1].xml
      Filesize

      356B

      MD5

      d15d83ff1f4e99f0c9464dcaaabc68c2

      SHA1

      563eb53db1c1dba3dbde85256950697e9df915e3

      SHA256

      fe3d222c980732b6e54deafbb47396b40a7b47c4165811fc30e75f70a3d447cf

      SHA512

      923f4c2c1cb186cc1da322989efdf3a3c4bbced04895c1bfb53b0f8b4b95187aaf6aa9aea94768a27c43a11409e186275ac222541bf19d5f1c2cd2018f10b488

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NA9L9PSJ\ify[1].xml
      Filesize

      1KB

      MD5

      f06b69d5703aec77d7c4769f01c34696

      SHA1

      df74ed77cd9511d301e1d443e5c93ba489fc40fb

      SHA256

      ef36a39e4eeecc935be253eb600f65491ff491e8137f4f984334330c64178301

      SHA512

      ab5f2ef684a9531d4ec63878c9515094e5169f45f4c9ea2c9ecc37fabc3b934f38042e81cde1baae00c63f0874c36f4de3034609fb48a77a41268f59d4a9fd09

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NA9L9PSJ\ify[1].xml
      Filesize

      1KB

      MD5

      81defa328b5704433700d7bb8e55b787

      SHA1

      2869bc265df7520aaaa1d8ac87c8ca8cf5f8ed7c

      SHA256

      1c71ad92a7415dbf86ae87ea8cdeaac8ef537f1f69ad121c2f9b6e99438d55b0

      SHA512

      b8f5603467fd4cbfb65842e21571e6cfff36c91ede49675c9f8561d06807e37aa6b52b18a9c34022e06e6ec61ee011c026fdf293e286289932c45b416c2f8d0b

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JI1HXH4O\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\X5D7Z02J\favicon[1].ico
      Filesize

      14KB

      MD5

      de5a68ecf1315791471000eea42de65d

      SHA1

      3f3e7239d7ec1702868f51e9d28e528c6c60e984

      SHA256

      fb94090003c3fd820119448548cb3f11a37304608d1f7401824111f53cfbe61f

      SHA512

      0b5b8b073714ec8e0cd1992d722c669515ce589d14f4dc224e9c1830c4aa8d3473c441758f8128f381607c85acfd015b1fa0f271c4595c33f4d162eab69f2501

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
      Filesize

      717B

      MD5

      822467b728b7a66b081c91795373789a

      SHA1

      d8f2f02e1eef62485a9feffd59ce837511749865

      SHA256

      af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

      SHA512

      bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61
      Filesize

      299B

      MD5

      5ae8478af8dd6eec7ad4edf162dd3df1

      SHA1

      55670b9fd39da59a9d7d0bb0aecb52324cbacc5a

      SHA256

      fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca

      SHA512

      a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
      Filesize

      1KB

      MD5

      7fb5fa1534dcf77f2125b2403b30a0ee

      SHA1

      365d96812a69ac0a4611ea4b70a3f306576cc3ea

      SHA256

      33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

      SHA512

      a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
      Filesize

      436B

      MD5

      1bfe0a81db078ea084ff82fe545176fe

      SHA1

      50b116f578bd272922fa8eae94f7b02fd3b88384

      SHA256

      5ba8817f13eee00e75158bad93076ab474a068c6b52686579e0f728fda68499f

      SHA512

      37c582f3f09f8d80529608c09041295d1644bcc9de6fb8c4669b05339b0dd870f9525abc5eed53ad06a94b51441275504bc943c336c5beb63b53460ba836ca8d

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
      Filesize

      192B

      MD5

      8dab7d1890ba2976359f6669625cf64f

      SHA1

      108aa527ed4a676a9ebafd2fdf5251e22ce99142

      SHA256

      a06d9949dd31274569f7b3528aeee86d7fb6af6be515b9af9ed8116dc4108c17

      SHA512

      b6a30dd9736b8685b99b75d413e1a53fec4693e2cf5a3ca2b4b6ee91eb37e901671e80041f9827b775cc5a35774b19a96cb3e239899b1e785ab978752f580443

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61
      Filesize

      192B

      MD5

      6dfe43a7c07f536eb7cb1c75404e048a

      SHA1

      3e570fa76c6b2bc594ca772e6ff481afb939820b

      SHA256

      d8b932f5b0279cb8ac1be1cba5cb6575a16bfbd225c6058f916975cf83afabc6

      SHA512

      9add5b552cdc6b7baf376300bc186861fbe6435a60e52b3900fe1f9450973dab4e6f275a98cc3f4972766c27aa58518b1ea957e1a209252072e23ae9686d1d35

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
      Filesize

      174B

      MD5

      293e10ce64af051166ba6ef7bc81cd24

      SHA1

      b02ae5173b823251723759d849c91bc3b35aceb9

      SHA256

      56b215135ae4c7b6ac441dc413a1b0ad4a86309898f8851edb64fcd3f5ba4efa

      SHA512

      41cf774b150f1e9f2914a4213cac1ff8b0bc4b5feea48e753e14138b01242d813a53ff9bba63450ac298c9fa88f4b35849353be0c53317124278e4a10c0c6fe6

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
      Filesize

      170B

      MD5

      dddc02de780e03430a5d05535559fc6e

      SHA1

      b64ae5d4a7c0db59862dd109f41fc0202ca365d5

      SHA256

      e7e7a6d58469211695eaba67a80099b177b8b6935447847c6b0326201132f7fd

      SHA512

      428afb2ca84a6b8a8bfbf965ea783550587e516876eaf5f53ce12f15de48dc11920e73a6e9dcfbeaf6494eb29035d6988c80e86c66c924666ce1e5abe7c2e3f5

      Download Submit

    • memory/3676-45-0x000001A780B00000-0x000001A780C00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4332-132-0x0000019EB50A0000-0x0000019EB50A2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4332-81-0x0000019EA4500000-0x0000019EA4600000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4332-325-0x0000019EA3A60000-0x0000019EA3A62000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4332-323-0x0000019EA3A50000-0x0000019EA3A52000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4332-78-0x0000019EA3A00000-0x0000019EA3A02000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4332-126-0x0000019EB5040000-0x0000019EB5042000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4332-130-0x0000019EB5080000-0x0000019EB5082000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4332-76-0x0000019EA39E0000-0x0000019EA39E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4332-128-0x0000019EB5060000-0x0000019EB5062000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4332-73-0x0000019EA39B0000-0x0000019EA39B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4332-134-0x0000019EB5250000-0x0000019EB5252000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4568-16-0x00000133DB220000-0x00000133DB230000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4568-227-0x00000133E1910000-0x00000133E1911000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4568-228-0x00000133E1920000-0x00000133E1921000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4568-0-0x00000133DB120000-0x00000133DB130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4568-35-0x00000133DA310000-0x00000133DA312000-memory.dmp

      Filesize

      8KB

      Download

    • memory/5064-391-0x0000015991EA0000-0x0000015991FA0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/5064-400-0x0000015992120000-0x0000015992220000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/5064-402-0x0000015992120000-0x0000015992220000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/5064-423-0x0000015992C30000-0x0000015992D30000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/5064-425-0x0000015992C30000-0x0000015992D30000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/5064-421-0x0000015992AB0000-0x0000015992BB0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/5064-467-0x0000015981500000-0x0000015981600000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/5064-470-0x0000015993030000-0x0000015993130000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/5064-367-0x0000015981500000-0x0000015981600000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/5064-386-0x0000015991600000-0x0000015991700000-memory.dmp

      Filesize

      1024KB

      Download