Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

URLScan

urlscan

https://github.com/J...

windows10-1703-x64

8

Resubmissions

06/09/2024, 08:22

240906-j9n26awcnm 8

06/09/2024, 08:08

240906-j1snzswarf 8

06/09/2024, 08:05

240906-jy7ecsvfpr 8

06/09/2024, 08:04

240906-jyjy3awajd 3

06/09/2024, 08:04

240906-jyez4svfln 1

06/09/2024, 08:02

240906-jw61tavhmc 8

06/09/2024, 08:00

240906-jwf5dsvhkb 8

Analysis

  • max time kernel
    18s
  • max time network
    42s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    06/09/2024, 08:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/JaredWestley/HWIDSpoofer/releases/download/1.0/HWIDSpoofer.exe

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Drops file in Windows directory 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://github.com/JaredWestley/HWIDSpoofer/releases/download/1.0/HWIDSpoofer.exe"
    1⤵
      PID:4852
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4568
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • NTFS ADS
      PID:5032
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HWIDSpoofer.exe
        "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HWIDSpoofer.exe"
        2⤵
          PID:5308
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1092
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:3532
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:5012
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:4416
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:372
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:212
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
          PID:3464
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
          • Modifies registry class
          PID:4324
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
          • Drops file in Windows directory
          • Modifies registry class
          PID:1288
        • C:\Windows\System32\rundll32.exe
          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
          1⤵
            PID:5740

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
            Filesize

            4KB

            MD5

            1bfe591a4fe3d91b03cdf26eaacd8f89

            SHA1

            719c37c320f518ac168c86723724891950911cea

            SHA256

            9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

            SHA512

            02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\edgecompatviewlist[1].xml
            Filesize

            74KB

            MD5

            d4fc49dc14f63895d997fa4940f24378

            SHA1

            3efb1437a7c5e46034147cbbc8db017c69d02c31

            SHA256

            853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

            SHA512

            cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\B2OM1JT7\favicon[2].png
            Filesize

            7KB

            MD5

            9e3fe8db4c9f34d785a3064c7123a480

            SHA1

            0f77f9aa982c19665c642fa9b56b9b20c44983b6

            SHA256

            4d755ac02a070a1b4bb1b6f1c88ab493440109a8ac1e314aaced92f94cdc98e9

            SHA512

            20d8b416bd34f3d80a77305c6fcd597e9c2d92ab1db3f46ec5ac84f5cc6fb55dfcdccd03ffdc5d5de146d0add6d19064662ac3c83a852f3be8b8f650998828d1

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VDRT9NLZ\favicon[1].ico
            Filesize

            758B

            MD5

            84cc977d0eb148166481b01d8418e375

            SHA1

            00e2461bcd67d7ba511db230415000aefbd30d2d

            SHA256

            bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

            SHA512

            f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF6EA25C2EDF7B3923.TMP
            Filesize

            60KB

            MD5

            1241bc48f6dd0092ac0a11f194110500

            SHA1

            827484d72bc872723d1e2d7936c89ed0f0a8029a

            SHA256

            0f84e45d7e2bd9c39c8a88403d49dc461094fdd9bc52929ef8b6a478d1e5b791

            SHA512

            f7c264f93e66e39cda89c3c2b616b4ca0282e3671e2ed682856c8d3b0ea86674a10b657933f8d35c457560d660149c602aea51f2313da75a6a79e1250eafddd8

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HWIDSpoofer.exe:Zone.Identifier
            Filesize

            617B

            MD5

            b19c9f4c4cef7b701c444c5e9eacae4e

            SHA1

            0f2ef6d522c70398d61d56b8f7b39459c2c925b2

            SHA256

            28fa50d54998255e4281365570f28c81c575a71340ccfea499fa799dbe25e7ed

            SHA512

            4f60c04bb51ef92d6d7aad04246c9ba53a62198699d2efafbd4f954bbc1edbdba0f6109ccb4af88cb0374b4960058fab6f899f4cb6db2bedeaade52fc0b3dea6

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SRHUE719\HWIDSpoofer[1].exe
            Filesize

            995KB

            MD5

            73598365e7be8f06f79b4bd81ef86341

            SHA1

            354adaea812528d9e5bb3cbf5c5fec7b144cfa45

            SHA256

            127e0c260765a58e3916eea7b5f4a6edd447504d372f24ff4d78b9068d54dece

            SHA512

            456bfc208b6abe9ea45b18492a6d32a9008245412c81dc60c1df18e138099a0a81a2eecc04849300b65f32da515f795471c227eb3346cada5d4d6b68c743f63a

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
            Filesize

            471B

            MD5

            1cf096efdf87a0617071b48fbc405416

            SHA1

            7c979c06865b7d569acd02ddd2b7d6138c651d82

            SHA256

            db460718544d6b07718fe306a6186b8e5244a76fd03cbf48cb6a584ec46cfdaa

            SHA512

            ee2b55212dc5a68ac57eb151d0f0079648b6675b112d67b77b52fa1da75b1709cc96936011cc5ddc761cf80d304001fb510cdc157871e03f9e352ce2e188e2a5

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
            Filesize

            412B

            MD5

            4ddc67e5e8f0320d2ac20a1aba4b79bc

            SHA1

            b150edab416fc64bf6a021c26dfbf1189fa64ef7

            SHA256

            0160fe9524e38fce7f97f82bbf008e0d7753610670a179655051f279241133bb

            SHA512

            f8c6da798acfd2c281a51ce48e832bfa0a690b887c8d970a597ab8c6726eb9b44f2bfde29e960d34eb0c3fcef27a2710207b2b45afdeccbf7edf98bbb308314f

            Download Submit

          • memory/212-91-0x00000155B4100000-0x00000155B4200000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/372-122-0x0000021C681E0000-0x0000021C68200000-memory.dmp

            Filesize

            128KB

            Download

          • memory/372-131-0x0000021C78DB0000-0x0000021C78EB0000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/372-138-0x0000021C68400000-0x0000021C68420000-memory.dmp

            Filesize

            128KB

            Download

          • memory/372-142-0x0000021C79070000-0x0000021C79170000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/372-152-0x0000021C68F20000-0x0000021C68F40000-memory.dmp

            Filesize

            128KB

            Download

          • memory/1288-301-0x000001EAB9680000-0x000001EAB9682000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1288-303-0x000001EAB9700000-0x000001EAB9702000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1288-299-0x000001EAB9600000-0x000001EAB9602000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1288-305-0x000001EAB9710000-0x000001EAB9712000-memory.dmp

            Filesize

            8KB

            Download

          • memory/3532-45-0x0000020A3EA00000-0x0000020A3EB00000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/3532-44-0x0000020A3EA00000-0x0000020A3EB00000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4568-193-0x000001EFF3180000-0x000001EFF3181000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4568-389-0x000001EFE9980000-0x000001EFE9982000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4568-396-0x000001EFE7B30000-0x000001EFE7B31000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4568-392-0x000001EFE9900000-0x000001EFE9901000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4568-16-0x000001EFEA720000-0x000001EFEA730000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4568-194-0x000001EFF3190000-0x000001EFF3191000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4568-0-0x000001EFEA620000-0x000001EFEA630000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4568-35-0x000001EFE7BF0000-0x000001EFE7BF2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/5012-72-0x00000251B3F50000-0x00000251B3F52000-memory.dmp

            Filesize

            8KB

            Download

          • memory/5012-64-0x00000251A3E30000-0x00000251A3F30000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/5012-70-0x00000251B3F30000-0x00000251B3F32000-memory.dmp

            Filesize

            8KB

            Download

          • memory/5012-67-0x00000251A3CE0000-0x00000251A3CE2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/5308-307-0x0000000001800000-0x0000000001814000-memory.dmp

            Filesize

            80KB

            Download

          • memory/5308-252-0x0000000000FD0000-0x00000000010D0000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/5308-298-0x000000001BFA0000-0x000000001C0EE000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/5308-288-0x0000000003320000-0x00000000033A0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/5308-403-0x000000001D130000-0x000000001D182000-memory.dmp

            Filesize

            328KB

            Download

          • memory/5308-404-0x000000001EC80000-0x000000001ED2A000-memory.dmp

            Filesize

            680KB

            Download