Analysis
max time kernel: 114s
max time network: 116s
platform: windows10-1703_x64
resource: win10-20230220-en
resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
submitted: 01/03/2023, 03:59
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://www.lamtec.ru/
Resource: win10-20230220-en
General
Target: http://www.lamtec.ru/
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133221204159100871" (chrome.exe)

Suspicious behavior: EnumeratesProcesses (2 IoCs)
- PID 2932 chrome.exe (2 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
- PID 2932 chrome.exe (3 events)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
- PID 2932 chrome.exe: Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, alternating, 32 events each

Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 2932 chrome.exe (26 events)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 2932 chrome.exe (24 events)

Suspicious use of WriteProcessMemory (64 IoCs)
All 64 writes originate from PID 2932 chrome.exe. Target PIDs, with procid_target:
- 3036 (procid_target 66): 2 events
- 4724 (procid_target 69): 2 events
- 3236 (procid_target 68) and 4688 (procid_target 70): the remaining 60 events
Processes

PID 2932 (depth 1, root): "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.lamtec.ru/
Signatures on this process:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

Children of PID 2932 (depth 2):

PID 3036: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8dddb9758,0x7ff8dddb9768,0x7ff8dddb9778

PID 3236: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:2

PID 4724: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:8

PID 4688: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:8

PID 4184: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2712 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:1

PID 4164: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2720 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:1

PID 3420: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:8

PID 4404: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5024 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:1

PID 4912: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1772,i,18059415576404945773,5151492458461014235,131072 /prefetch:8

PID 4808 (depth 1, separate root): "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
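The signature tables above arrive as one run-together row per signature, which makes the only question that matters for WriteProcessMemory hard to answer by eye: does any write land in a process outside the writer's own tree? The script below is an added example, not part of the report or of the sandbox's own tooling. It parses the flattened WriteProcessMemory and AdjustPrivilegeToken rows back into records and checks every write against a process map hand-built from the Processes section (parent links taken from the depth nesting shown there). The embedded row strings are excerpts copied from this report. Here every target (3036, 3236, 4724, 4688) is a chrome.exe helper that PID 2932 itself spawned, which is what the browser's sandbox broker does when it launches its own child processes, so the 64 events are browser housekeeping rather than injection; a write into elevation_service.exe (PID 4808, a separate root) or into an unlisted PID is what the function would flag.

```python
"""Rebuild flattened Triage-style signature rows and test them against the process tree.

Added example, not from the original report. WPM_ROWS and TOKEN_ROWS are excerpts
copied from the report's signature tables; PROCESSES is built by hand from the
Processes section, with parent links taken from the tree nesting shown there.
"""
import re
from collections import Counter

# Excerpt of the "Suspicious use of WriteProcessMemory" rows as the page shows them.
WPM_ROWS = (
    "PID 2932 wrote to memory of 3036 2932 chrome.exe 66 "
    "PID 2932 wrote to memory of 3036 2932 chrome.exe 66 "
    "PID 2932 wrote to memory of 3236 2932 chrome.exe 68 "
    "PID 2932 wrote to memory of 4724 2932 chrome.exe 69 "
    "PID 2932 wrote to memory of 4688 2932 chrome.exe 70 "
    "PID 2932 wrote to memory of 4688 2932 chrome.exe 70"
)

# Excerpt of the "Suspicious use of AdjustPrivilegeToken" rows.
TOKEN_ROWS = (
    "Token: SeShutdownPrivilege 2932 chrome.exe "
    "Token: SeCreatePagefilePrivilege 2932 chrome.exe "
    "Token: SeShutdownPrivilege 2932 chrome.exe "
    "Token: SeCreatePagefilePrivilege 2932 chrome.exe"
)

# pid -> (parent pid or None for a tree root, image name, process role from the command line)
PROCESSES = {
    2932: (None, "chrome.exe", "browser"),
    3036: (2932, "chrome.exe", "crashpad-handler"),
    3236: (2932, "chrome.exe", "gpu-process"),
    4724: (2932, "chrome.exe", "utility:network.mojom.NetworkService"),
    4688: (2932, "chrome.exe", "utility:storage.mojom.StorageService"),
    4184: (2932, "chrome.exe", "renderer"),
    4164: (2932, "chrome.exe", "renderer"),
    3420: (2932, "chrome.exe", "utility:chrome.mojom.ProcessorMetrics"),
    4404: (2932, "chrome.exe", "renderer"),
    4912: (2932, "chrome.exe", "utility:chrome.mojom.UtilWin"),
    4808: (None, "elevation_service.exe", "elevation-service"),
}

# Column order in each flattened row: writer pid, target pid, pid (repeated), image, procid_target
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
TOKEN_RE = re.compile(r"Token: (Se\w+Privilege) (\d+) (\S+)")


def parse_wpm(text):
    """Return (writer_pid, target_pid, image, procid_target) tuples from a flattened row string."""
    return [(int(w), int(t), img, int(pt)) for w, t, _, img, pt in WPM_RE.findall(text)]


def parse_tokens(text):
    """Return (privilege, pid, image) tuples from a flattened AdjustPrivilegeToken row string."""
    return [(priv, int(pid), img) for priv, pid, img in TOKEN_RE.findall(text)]


def unexpected_writes(rows, procs):
    """Writes whose target is not a direct child of the writer, or is not in the tree at all.

    A parent writing into a child it just created is normal process start-up;
    anything else is the injection pattern the signature is meant to surface.
    """
    return [r for r in rows if procs.get(r[1], (None,))[0] != r[0]]


def writes_per_target(rows):
    """Histogram of (writer, target) pairs, matching the 'N events' view of the table."""
    return Counter((r[0], r[1]) for r in rows)


def privilege_histogram(tokens):
    """Which privileges were adjusted and how often, regardless of order."""
    return Counter(priv for priv, _, _ in tokens)


if __name__ == "__main__":
    rows = parse_wpm(WPM_ROWS)
    print("writes per target:", dict(writes_per_target(rows)))
    print("writes outside the writer's own children:", unexpected_writes(rows, PROCESSES))
    print("privileges:", dict(privilege_histogram(parse_tokens(TOKEN_ROWS))))
```

Run against the full 64-row string from the report the result is the same as for the excerpt: no write leaves the PID 2932 subtree. The privilege histogram is the other quick check; SeShutdownPrivilege and SeCreatePagefilePrivilege are what the browser process toggles, whereas SeDebugPrivilege or SeTcbPrivilege in the same table would deserve a second look.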
Network
MITRE ATT&CK Enterprise v6
Downloads

Filesize: 360B
MD5: 9be7527154b9dc54f0875e66b7efb5ef
SHA1: 2f87f97a054d9b5751668933bfd4af8f7672b171
SHA256: 53fbdb95cbb79b69b3aac89f5c2765340fbe1d000f1dd31a10522f07ec4aab9f
SHA512: 395c06a78136246c35ed7609c14e2362d7a7602a74d5ec5ef68423678cbb450f396c48355d8668a785ae111cb4915d6ee527df9e97a6248d2d38ed9b85e1f43d

Filesize: 1KB
MD5: 5f18d53efb3c13269e462558ac50fec3
SHA1: 9f7ea875a22ed32c52cc68c49695b5263d9a4052
SHA256: ee6410198e069dc350cc71b11e575ef7232dc8b6ee451c15437fd9e47981549a
SHA512: fa3c0a993fc8381a82d00bb6f0af90d4fef1860d4b4cda1cf32393febf06a2c1094ed0e2b5cf01d3e57bc9854ba498187772f0c904ba6da80e6c175d1e36b04e

Filesize: 536B
MD5: e5d1657fa194dc6bfca6df4e6ba1f39a
SHA1: 3a86ef4cc089a2b862ded5f8c885a204cbb91836
SHA256: dba4c9a902dbff4b61dd3ffb23f9a9b4ed27fcd17057707351ca8f57cb8b4960
SHA512: 74774f9bb86924e15eda01b385478461ddff15e27f4ecfe7d1e82a22626b7a4c023f88c8e29a3409a40d33f36e78ae3191b1a465973c4e3e28100a1d872a28b5

Filesize: 5KB
MD5: 08c602cad1f79da49c1fd43d57e97690
SHA1: 18ab110b750193fbbb1502101dd012ec1f1f65ce
SHA256: 3368605b25ee31a919ac81fe00166af3ed3ffc7e51290450b44b264ed5a962e6
SHA512: 03f375d91d1606c12137dedb7fdcf684f6b896f3ea00c3880f5ba14c9e076847c0fec992271ac6e2387f2afacb5ba9cde5bc47802fb947b3ffb9749703285468

Filesize: 5KB
MD5: fd00f5ad29c6a00f6b15896adab08c12
SHA1: cf87a538bfbdfda02ba7feef023d820f9e17b225
SHA256: c3dd61b6d642865e8036d04fef3bd77ddd38dc910c728bb01db2cbe1d7cd6680
SHA512: be0254ab74207ce95fd86f70fc3976e9dc97ea2d59c7f8fa705ed86be58708d4ed5158a0e48e1864ba128dd64b642f3b9c6b59ab325cee86bb57315de07147af

Filesize: 5KB
MD5: dab917bf2c531ee09948a4d119b03bc7
SHA1: cfc4c859150f33614b03eddf7afecb20042555e3
SHA256: 4291fcdfce8b8728169c3911ca6d86efe258a3ae250b6d9ac304a7f4b6dd9a7f
SHA512: a73e18590cacb6b99c4f2abfdbc8fc76fd0bc826dbe931ec39ad099428718f664ba1b69287259c70ad03eb4c93251175b500d261cb584b2ec01e86e63f5c72a7

Filesize: 141KB
MD5: b1daa240b7b53a73233509a378a3f613
SHA1: 38a3d120b9a0c0f94a7248eaf2b569e4dda16977
SHA256: d3a5bd9e5a5f6ff5607bd77989c1c2de449b3dc59405983d984b4e44f49d022c
SHA512: 574dd4394f012f80f4d7f89b087f29d9b31ff9f7a5d935d560f9610d049a3b81d44b58364c9d3bc0850d8394ea6be97c423acfe9546fb4c9f16bdd72d2c16f5c

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
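The report lists digests for the dropped files but not their names or contents, so the only way to learn what a tiny entry is from the page alone is to recompute candidate contents and compare. The script below is an added example, not part of the report. The four digests and the 2-byte size are copied from the last Downloads entry above; the candidate byte strings are constructed guesses. The MD5, SHA1 and SHA256 shown are the well-known digests of the two-byte JSON text "{}", and the script confirms that identification over every listed algorithm rather than trusting one of them.

```python
"""Identify a tiny dropped file from the digests a sandbox report lists for it.

Added example, not from the original report. REPORTED and REPORTED_SIZE are
copied from the report's last Downloads entry (Filesize 2B); the report gives
no file name, so the content is inferred from the hashes alone. CANDIDATES
are constructed guesses at what a two-byte text file commonly contains.
"""
import hashlib

REPORTED_SIZE = 2
REPORTED = {
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9"
              "a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
}

# Constructed guesses for a 2-byte file; the report does not say which it is.
CANDIDATES = [
    ("two newlines", b"\n\n"),
    ("CRLF", b"\r\n"),
    ("empty JSON array", b"[]"),
    ("empty JSON object", b"{}"),
]


def digests(data, algs):
    """Hex digests of `data` for each hashlib algorithm name in `algs`."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algs}


def match_report(data, reported=REPORTED):
    """Per-algorithm verdict: does this content reproduce the reported digest?"""
    got = digests(data, reported)
    return {alg: got[alg] == reported[alg] for alg in reported}


def identify(candidates, reported=REPORTED, size=REPORTED_SIZE, algs=None):
    """Name of the first candidate that has the reported size and reproduces every
    digest in `algs` (default: all reported algorithms), or None if none does.

    Requiring all listed digests to agree also catches a mis-transcribed hash in
    the report: a single wrong digest would make the candidate fail even though
    the other three identify it.
    """
    algs = tuple(algs or reported)
    subset = {alg: reported[alg] for alg in algs}
    for name, data in candidates:
        if len(data) != size:
            continue
        if all(match_report(data, subset).values()):
            return name
    return None


if __name__ == "__main__":
    print("2-byte download identified as:", identify(CANDIDATES))
    print("per-algorithm check for '{}':", match_report(b"{}"))
```

A file whose content is "{}" is produced by any program that writes out an empty JSON object, so its hashes carry no attribution value; a two-byte entry like this should not be promoted to an indicator, whatever the surrounding signatures say. The same routine applied to the 141KB entry would need the file itself, which the page does not include.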