Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

R.E.P.O/Mo...tor.js

windows7-x64

3

R.E.P.O/Mo...tor.js

windows10-2004-x64

3

R.E.P.O/OnlineFix.url

windows7-x64

6

R.E.P.O/OnlineFix.url

windows10-2004-x64

6

R.E.P.O/On...64.dll

windows7-x64

1

R.E.P.O/On...64.dll

windows10-2004-x64

1

R.E.P.O/REPO.exe

windows7-x64

1

R.E.P.O/REPO.exe

windows10-2004-x64

1

R.E.P.O/RE...ss.dll

windows7-x64

1

R.E.P.O/RE...ss.dll

windows10-2004-x64

1

R.E.P.O/RE...rp.dll

windows7-x64

1

R.E.P.O/RE...rp.dll

windows10-2004-x64

1

R.E.P.O/RE...bx.dll

windows7-x64

1

R.E.P.O/RE...bx.dll

windows10-2004-x64

1

R.E.P.O/RE...64.dll

windows7-x64

1

R.E.P.O/RE...64.dll

windows10-2004-x64

1

R.E.P.O/RE...ts.dll

windows7-x64

1

R.E.P.O/RE...ts.dll

windows10-2004-x64

1

R.E.P.O/RE...th.dll

windows7-x64

1

R.E.P.O/RE...th.dll

windows10-2004-x64

1

R.E.P.O/RE...ty.dll

windows7-x64

1

R.E.P.O/RE...ty.dll

windows10-2004-x64

1

R.E.P.O/RE...on.dll

windows7-x64

1

R.E.P.O/RE...on.dll

windows10-2004-x64

1

R.E.P.O/RE...3D.dll

windows7-x64

1

R.E.P.O/RE...3D.dll

windows10-2004-x64

1

R.E.P.O/RE...at.dll

windows7-x64

1

R.E.P.O/RE...at.dll

windows10-2004-x64

1

R.E.P.O/RE...me.dll

windows7-x64

1

R.E.P.O/RE...me.dll

windows10-2004-x64

1

R.E.P.O/RE...es.dll

windows7-x64

1

R.E.P.O/RE...es.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2025, 20:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    R.E.P.O/OnlineFix.url

  • Size

    46B

  • MD5

    59bf167dc52a52f6e45f418f8c73ffa1

  • SHA1

    fa006950a6a971e89d4a1c23070d458a30463999

  • SHA256

    3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e

  • SHA512

    00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\R.E.P.O\OnlineFix.url
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4860
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc58546f8,0x7ffbc5854708,0x7ffbc5854718
        3⤵
          PID:2928
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
          3⤵
            PID:512
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3740
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
            3⤵
              PID:3160
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
              3⤵
                PID:4260
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                3⤵
                  PID:2240
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
                  3⤵
                    PID:3172
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5252 /prefetch:8
                    3⤵
                      PID:5368
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
                      3⤵
                        PID:5680
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5572 /prefetch:8
                        3⤵
                          PID:5900
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 /prefetch:8
                          3⤵
                            PID:5108
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 /prefetch:8
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2536
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
                            3⤵
                              PID:4560
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
                              3⤵
                                PID:2972
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
                                3⤵
                                  PID:5248
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
                                  3⤵
                                    PID:5256
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5740391153520780818,10150846568930725713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4260 /prefetch:2
                                    3⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4420
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1956
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4924
                                  • C:\Windows\system32\AUDIODG.EXE
                                    C:\Windows\system32\AUDIODG.EXE 0x4b4 0x300
                                    1⤵
                                      PID:5512

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      010f6dd77f14afcb78185650052a120d

                                      SHA1

                                      76139f0141fa930b6460f3ca6f00671b4627dc98

                                      SHA256

                                      80321891fd7f7c02dd4be4e5be09f8e57d49e076c750f8deb300be8f600de2d7

                                      SHA512

                                      6e6c9e348e948b946cfb97478698423e1272c4417bc8540e5daa64858e28be8fda5baf28538aee849f8bb409c17a51c60e48a3f1793e3a86cb27edeb32aa30a5

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      f09c5037ff47e75546f2997642cac037

                                      SHA1

                                      63d599921be61b598ef4605a837bb8422222bef2

                                      SHA256

                                      ba61197fff5ed487084790b869045ab41830bdf6db815503e8e064dd4e4df662

                                      SHA512

                                      280bff6eac4b2b4fe515696223f61531f6b507c4c863ad9eef5ab0b1d65d264eba74fb7c9314b6920922142b8ab7605792211fca11a9a9ef0fc2ae995bf4f473

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      912B

                                      MD5

                                      b15a8cb44d3ea699bac034417057ea01

                                      SHA1

                                      c531187d40673937e71a07a40075a148adc51116

                                      SHA256

                                      05a21d8bbbd5b0ec0d86e8766e6ddeea53f44569220d756fb34dbad08bbd9afd

                                      SHA512

                                      e935e86beab5f812043d46ef99739764c90745b5b1a31e6c964547bb923b819ca84af41ed6963792f7fc486325b5be9744c9cc2d284749c3adf831f11b6700a0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      2KB

                                      MD5

                                      eaecd98ffba8ff2e038ef5554d363502

                                      SHA1

                                      755b4336245abe1859df3a5a41add7a6e2bde35a

                                      SHA256

                                      c9cdd6f3ffd7584d92b7a3601c87391e63523771ca77bdbb362a99a8646d7a80

                                      SHA512

                                      a7becb388068fb62b08556c912ea33802c6719609edbaffa97760ad1dcc31fe2b31ac45236e8f0f415efb291fd1b817df4dfa1d933f3f448ca031d02f10a50a3

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      f41b8a556777923b798ee7231388c283

                                      SHA1

                                      16fe69e9f4147ac340c4b7f538bb07bb84c345d9

                                      SHA256

                                      fafc5059964e41e892268d946980f50d87114258365d608d9d3bed1fda370fca

                                      SHA512

                                      1817e0dd15f7fc89c600428b871db659a319d51c496c14f6b9a9a44ef07fcaa6a047b44b00e85f523549f3aa205a46ee999e69626589f0dbe339d99b6c78aa1f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      7KB

                                      MD5

                                      f2228352013def0ec35709514552ae1d

                                      SHA1

                                      3cd4c018ad7fe4bcc7945a1fe7baf3de05ef1e2e

                                      SHA256

                                      eab724448e3e95e4b715d577d01c83106d6f3eea7cdeaacf2d68d8890a2a9df1

                                      SHA512

                                      553585f6381e55cb51bb0c06873485d0a9462f94ee9bdaaf6765f4a6b1f83b8424d1307799ba292dd35fc1e04bc7c5b8b2703256f88eda5b0367867a711729bd

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      1KB

                                      MD5

                                      a9124bf005664a5eb09189949e635cfe

                                      SHA1

                                      ae6cec0d2b6738d6b46e688e0fc384a3dd339d41

                                      SHA256

                                      e04b921b0758a2d0dc84bd1a10414901f18eee0a7cadac2b46946252ea77210c

                                      SHA512

                                      38e3f90827fc24e6f2f4b7fe94610266612e91c9f7a419246f60f3406ad52f597c60eeceda415dbb8989ad561142045f3863b054f41bb9abcc2f98ac2c7345a4

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583b2f.TMP
                                      Filesize

                                      1KB

                                      MD5

                                      c1ef34a74b6d250a097f3af4109f10b9

                                      SHA1

                                      f8294ff6d76576c01981f040ef3bf7abb92e9713

                                      SHA256

                                      9a4545e866bd89452e17c8262c8bc0e5e3bcb6200e22505d61c2de8105a50962

                                      SHA512

                                      e3e1a92314ccf8745d1ceffe442be190ec18e940d48a7bc38b89032af8001f0b5a5b5d12fec9c0a43573cebacdba0c679ca30826a5b3ca9d7bca67cb151f3691

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      e5aaff8b492ac670d0f5d9b118b8108d

                                      SHA1

                                      eeecaa265d1633fae49c2921836a5b3fac0c6ea4

                                      SHA256

                                      10dec0136b97c6e30b5812b41a6ab0662b6a5557191ffa33528a269bf414ab10

                                      SHA512

                                      9e72adda692294de8338bd8034401fe7f44b97e099b980004b7c7c9e2c071d5ac71fb1d5c7d7412a4a09bf248fb12c52207e7d554c6d36b16c69ff296ea4469d

                                      Download Submit