Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

URLScan

urlscan

1

https://www.image-li...

windows10-1703-x64

4

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    05/08/2024, 19:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.image-line.com/

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 28 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://www.image-line.com/"
    1⤵
      PID:4476
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1816
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:2524
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4864
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1476
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:2464
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x3c0
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2744
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:3048
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4692
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:4376
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:5116

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0L74PHG9\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZMW2KF0J\favicon[1].ico
      Filesize

      14KB

      MD5

      c2b89cfe67450cf2d30273b93c90804e

      SHA1

      4f0573e02f8b08caa50bf8854f932a0c6d404097

      SHA256

      514b67f2b8e2a3c19d5247b1c67467a13198047b39f5d8d3391a79b16cf3c03d

      SHA512

      617e40ef72f676c022ea821ca35a058665987f06adc639a11237165fc713b3b2d738892d85777e6da02300122571ea27d8e3a78f7b9ce07f241357d91bb412f7

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3JZOFC5W\10049056-10007574[1].js
      Filesize

      254KB

      MD5

      b0bdc9f21fe04730c2de58c355dee31d

      SHA1

      47e4f655ab24d7b07d03e195cea01c1a208600e4

      SHA256

      b614af0a534353cf7502940f9c316bf394a36a5b74e4277aaf24ea035f22af30

      SHA512

      0932cfefe8126fef46fba1b4f51d48b19f731e592570b215c2539993de078805011f834609dcf78f1fd27c7a289a6aa96057ecf68bdbd0c7079e6485add772a3

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SSLVZ9Z6\cookie-banner-modifications.ac3574b[1].css
      Filesize

      2KB

      MD5

      6f28b1e16ff4696efb841bbabdb69fb6

      SHA1

      53b3ac8a567110ad086400965ebf65b0c216d7cd

      SHA256

      cac2758d7e45c5b8190a54eeffdbe3d3e6d4e7066921ef05ea57ea2efb45c48b

      SHA512

      e47ac32b2719ee23cb96439a9856ff5cbf1865d4a122288e439b98ce546b8c1bc5cc568aa491694f02d397ed496b8a098af0a507f3c0bc806eabdc22471f2700

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SSLVZ9Z6\gtm[1].js
      Filesize

      338KB

      MD5

      da2b353a58b93995ed9f2ba2a03735d4

      SHA1

      15255ca7cc9c6f7649cf288de37a03ddf986ecd2

      SHA256

      c858817e578cf701243546410960fb3c8d9eb577c1ea5c74399ee096cac57bdc

      SHA512

      8bed6d97242be9e0acc26c143f1a0461a2dc150d5bb0d753e7900ff5fe89601bc86129473bc734904b92156cbf125401fc81cc73d7b97c775c390e68e870fad7

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZEVMLKHW\main.5f22a82[1].js
      Filesize

      155KB

      MD5

      b376af32fe495adfc95f8b291afd25ef

      SHA1

      f4b51ddbeab23be361316c78f2edf79c95575efc

      SHA256

      05773b731871ae81f43300e113ee2f667717c2847c60d8a1e8e2414770618c2d

      SHA512

      bfaf96dcc570fbde9a83f5168bc8fbd5e7fa5cfb8e3175863de277b14311ae88e4ae36a5fe900116cdacafd783f2f503571265e712c7385690655ddbaa9ef020

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZEVMLKHW\main.8efe398[1].css
      Filesize

      91KB

      MD5

      6a92d67ec356016c571a58a56bff3d56

      SHA1

      5d0f3e6d220da3a02c141fca28b646aa51d3a6b6

      SHA256

      b487b93b03abee7c204ad983a6204c847e14daee1d5c8836b9b57c2e4a37c792

      SHA512

      f93824d5fee0f233c34f3fa04312e9c08f4b6a7c4e5715397e88d9b2111ff18273e1fa0ae3e1bb494993964c2eb399eed13c44bffe196b1a678f5775ee1c5e89

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\KFZVZI01\www.image-line[1].xml
      Filesize

      101B

      MD5

      1e2253caf6bcda602c41627bced8ab42

      SHA1

      8f098564878af5f768c542afdfc33ac32f10a7cc

      SHA256

      1dcefd4eb57e88d7af790c4a49bfbfd693f36791c83676085e06faeb6f73d8b1

      SHA512

      c5b921efaffdc7f35bfdeb081684d3f26200d843fbda20dc6674cbb0d10878080ab0c1a730fa394c6fed441f9b2be85be598be60cfafad4188b729c5cf1226fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
      Filesize

      1KB

      MD5

      7fb5fa1534dcf77f2125b2403b30a0ee

      SHA1

      365d96812a69ac0a4611ea4b70a3f306576cc3ea

      SHA256

      33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

      SHA512

      a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
      Filesize

      436B

      MD5

      971c514f84bba0785f80aa1c23edfd79

      SHA1

      732acea710a87530c6b08ecdf32a110d254a54c8

      SHA256

      f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

      SHA512

      43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
      Filesize

      174B

      MD5

      b6c1cc013d6bd2e778749299d02597c1

      SHA1

      10113c6c4c228897c0fd47f55429fabd10231e4b

      SHA256

      81f958f64bdd817d5a1022f5ada26d2c552644b1772d65836c2614b262bee036

      SHA512

      78ac3721eccc45ae921cf241e1979eadc5d31fc63a14cc237544ce6f6897a886cadcba680abd2d1e288eb36795d7687ef2709ce692f69f0283f081a6f0eb0c09

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
      Filesize

      170B

      MD5

      9227a5a0c8a7ee22871ef1d9d30c5aca

      SHA1

      52edc1eff8a29963d08ee80d2d0a1b439abd9275

      SHA256

      74dfe1a76137b44b11f639de63eb5ebbc1acbba43730fd2d47c56f32c71cc863

      SHA512

      67b50d5541573c7f1c9b9cff90e90aace9991b768781b31cb4b610378f9b6473ef26bb6a36acc03944ba81af426d37a6bb4f3a381e76437135a19fbc94adbb5c

      Download Submit

    • memory/1476-44-0x000001A99E200000-0x000001A99E300000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1816-0-0x000002117C920000-0x000002117C930000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1816-35-0x0000021179DC0000-0x0000021179DC2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1816-179-0x0000021105460000-0x0000021105461000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1816-178-0x0000021105450000-0x0000021105451000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1816-17-0x000002117CA30000-0x000002117CA40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1816-188-0x0000021104F10000-0x0000021104FA1000-memory.dmp

      Filesize

      580KB

      Download

    • memory/2464-129-0x0000024EB1400000-0x0000024EB1500000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2464-122-0x0000024EAEE80000-0x0000024EAEE82000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2464-208-0x0000024E9D940000-0x0000024E9D942000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2464-71-0x0000024E9E380000-0x0000024E9E382000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2464-220-0x0000024EAE9A0000-0x0000024EAE9A2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2464-222-0x0000024EAEFF0000-0x0000024EAEFF2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2464-218-0x0000024E9E3F0000-0x0000024E9E3F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2464-216-0x0000024E9DC50000-0x0000024E9DC52000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2464-224-0x0000024EAF040000-0x0000024EAF042000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2464-226-0x0000024EAE950000-0x0000024EAE952000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2464-120-0x0000024EAEE30000-0x0000024EAEE32000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2464-189-0x0000024E9DB00000-0x0000024E9DB91000-memory.dmp

      Filesize

      580KB

      Download

    • memory/2464-118-0x0000024EAED10000-0x0000024EAED12000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2464-124-0x0000024EAEEC0000-0x0000024EAEEC2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2464-126-0x0000024EB06C0000-0x0000024EB07C0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2464-130-0x0000024EB1400000-0x0000024EB1500000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2464-128-0x0000024EB1400000-0x0000024EB1500000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2464-91-0x0000024EAFDB0000-0x0000024EAFDD0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2464-69-0x0000024E9E360000-0x0000024E9E362000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2464-77-0x0000024E9E3D0000-0x0000024E9E3D2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2524-214-0x000001E7A31D0000-0x000001E7A3261000-memory.dmp

      Filesize

      580KB

      Download