Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20230220-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    06/03/2023, 23:15

General

  • Target

    http://adfsaz.gskcrons.com

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://adfsaz.gskcrons.com
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9136f9758,0x7ff9136f9768,0x7ff9136f9778
      2⤵
        PID:4456
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:2
        2⤵
          PID:3264
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:8
          2⤵
            PID:384
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:8
            2⤵
              PID:4488
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:1
              2⤵
                PID:2096
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:1
                2⤵
                  PID:4104
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:8
                  2⤵
                    PID:4080
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:8
                    2⤵
                      PID:3364
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:8
                      2⤵
                        PID:3420
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:8
                        2⤵
                          PID:5000
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:8
                          2⤵
                            PID:4080
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1308
                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                          1⤵
                            PID:4556
                          • C:\Windows\system32\WerFault.exe
                            C:\Windows\system32\WerFault.exe -pss -s 444 -p 3492 -ip 3492
                            1⤵
                              PID:3960
                            • C:\Windows\system32\WerFault.exe
                              C:\Windows\system32\WerFault.exe -u -p 3492 -s 2292
                              1⤵
                              • Program crash
                              PID:4048

Network

MITRE ATT&CK Enterprise v6

Downloads

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                              Filesize

                              1KB

                              MD5

                              e82a2ba4d7fccef665c71d12cb175eb8

                              SHA1

                              247338e1d3454c875e6d32128ebd2723100f5924

                              SHA256

                              ff5dfda79a5fc57b3eed0a143af2fe0b67fe67e7485c709a34804380cf0d901a

                              SHA512

                              5b10dbff1d9d9ff31d8a1f5b69c4cd9aefd76ee3c40fbb3739139248407cb1e05e1167d87049dc0b7a14402b44ac4f1fde46da7893ff49ca085c749086987d4e

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              cd19a78280ddb08bcc9fe0c5e70b7f28

                              SHA1

                              c300279e88c4c6e53f9129aceb16c6a55643b9ee

                              SHA256

                              015017a0291c8730c76dbce5a4bff2c8e8bdc5675c86d6cf594f613f886b4ef8

                              SHA512

                              504ccfd01c947c35eb8bcc5638ebf616d3eff6d6eccdedc8830aff7f63e76cd4a7364d5b2b7a1bdca42276af24849b3e38713ae6ae16f16b84c6726e30bcca85

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                              Filesize

                              15KB

                              MD5

                              09d16c84dc59172723c92726a37b2852

                              SHA1

                              624233cd0d0d4a8f766825993a8be6d67f4dae32

                              SHA256

                              e90a5f5afac05c468c0933f4a0bbb2bf78907a3d72cfdabc3e0d9554e5fd4f52

                              SHA512

                              3a0a277d045c19250434884ca60e17374fb7414112bbb436fa3125dc3b03c29f3f7831d537ce2c225a67e4a328a5e4ad59e4a5a1b8d16e572e3e57d62ed74a53

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                              Filesize

                              164KB

                              MD5

                              93a199109876420c9a9056175bb2698c

                              SHA1

                              4910e088cfa9062d45f934ac6d715a460cf794b2

                              SHA256

                              392c0d72b9a7b44bff05c6da3faab140bd1559357708dfa222460b86e5527667

                              SHA512

                              9e42aa180a55f785ca2f8b9ad37f4d46b86a32c9dfda127a681a95f2878bf2082b0ae3c6c1de36062b4963673108871986124c921655afacd4bb606e5821bae5

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                              Filesize

                              72KB

                              MD5

                              c13d3120a07ba88e97be92304328eab8

                              SHA1

                              74cd0840aee567971f3564a933b809c32561aec5

                              SHA256

                              f17ddfbb98e0ea544fd0f1c83c8c6c61e7fb5aa0f21b8c5195402ca87cd05eb9

                              SHA512

                              e6e0dc11e216c1d9ff72fd13c7b8570414508cc27272b838b7a4aa6a3cae6e43474bad89c2f9430740245c08eea3b1b725a7dbfeb93e2d338a5f0469f3cf018f

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                              Filesize

                              144KB

                              MD5

                              4ce11088e234e867c7a9f701bc47df75

                              SHA1

                              4d494b51b18ccc554aae05fbd3ea3e458890e3f8

                              SHA256

                              28cf59bb85cfef6093857b4efd0f87ca739eea226e6e9e90790dc428f63b9c54

                              SHA512

                              8d1c014fca6362e1284b5dc908c582ae890933116673b33664738279d9a0d8d663ebed9141e0441ea18da5f39878d8f5dd79036e2bc2bc5107e25afef8dbc87a

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c5580fd3-d1fe-42a4-8481-db3dac51cab1.tmp

                              Filesize

                              145KB

                              MD5

                              edc3f1807163dbb0196d5c87b717ddc7

                              SHA1

                              ad51afb6259eb9002dac1006c593c16e6167725e

                              SHA256

                              5faede99321a91abdc8adf7b7bb82c4df6898499ddb5f68cba0d6aa8ee37fad3

                              SHA512

                              7b893b1c0649c6bdffe1eeef7854dba9881d8e1234512fabac784451d6195220f702aa136dd7cf9def5924162ebca64701bfab80d0333d5d644d17eba3ae1382

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                              Filesize

                              2B

                              MD5

                              99914b932bd37a50b983c5e7c90ae93b

                              SHA1

                              bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                              SHA256

                              44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                              SHA512

                              27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                            • memory/1308-249-0x0000025265690000-0x0000025265691000-memory.dmp

                              Filesize

                              4KB

                            • memory/1308-240-0x0000025265690000-0x0000025265691000-memory.dmp

                              Filesize

                              4KB

                            • memory/1308-241-0x0000025265690000-0x0000025265691000-memory.dmp

                              Filesize

                              4KB

                            • memory/1308-242-0x0000025265690000-0x0000025265691000-memory.dmp

                              Filesize

                              4KB

                            • memory/1308-247-0x0000025265690000-0x0000025265691000-memory.dmp

                              Filesize

                              4KB

                            • memory/1308-246-0x0000025265690000-0x0000025265691000-memory.dmp

                              Filesize

                              4KB

                            • memory/1308-248-0x0000025265690000-0x0000025265691000-memory.dmp

                              Filesize

                              4KB

                            • memory/1308-251-0x0000025265690000-0x0000025265691000-memory.dmp

                              Filesize

                              4KB

                            • memory/1308-250-0x0000025265690000-0x0000025265691000-memory.dmp

                              Filesize

                              4KB

                            • memory/1308-252-0x0000025265690000-0x0000025265691000-memory.dmp

                              Filesize

                              4KB

                            • memory/3264-141-0x00007FF92F740000-0x00007FF92F741000-memory.dmp

                              Filesize

                              4KB

                            • memory/4080-160-0x00007FF930CF0000-0x00007FF930CF1000-memory.dmp

                              Filesize

                              4KB

                            • memory/4080-161-0x00007FF92FCC0000-0x00007FF92FCC1000-memory.dmp

                              Filesize

                              4KB