Resubmissions
27/03/2023, 04:28  230327-e3x92adf6s  5
27/03/2023, 04:27  230327-e25mqabf58  5
27/03/2023, 04:23  230327-ezv1habf49  5
Analysis
Max time kernel: 120s
Max time network: 102s
Platform: windows10-2004_x64
Resource: win10v2004-20230220-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 27/03/2023, 04:28
Static task: static1
Behavioral task: behavioral1
Sample: Play_Now ⏮️ ▶️ ⏭️ Aaron.lum_3pM.html
Resource: win7-20230220-en
General
Target: Play_Now ⏮️ ▶️ ⏭️ Aaron.lum_3pM.html
Size: 1.3MB
MD5: d37728e4e5997f40bc322c81e5b95151
SHA1: 27768d019b86d2106f0a74f8fb3ec4cf06d39274
SHA256: 872c2d4357d29481bb1ab4af7c8d324078b34bcad2238cb228d57053fabd648c
SHA512: 251bc0a66d3bf492c5109983c1bd81b6c9611eb3ae534d314f5be7d98ff6ecb176a83d41eb7fac74a8822f2b411e39749e3ad5638c9efaef8785904bfc12e1e7
SSDEEP: 1536:2gfpDeDEPwi6q9ndSw1flc96F2XLz0RsNJdXFCd/d/91mZxS6QComqPzYBVKJaR7:o
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133243721318068055" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  3224 | chrome.exe
  3224 | chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  3224 | chrome.exe
  3224 | chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 3224 | chrome.exe
  Token: SeCreatePagefilePrivilege | 3224 | chrome.exe
  (the two rows above alternate for all 64 entries, 32 of each)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  3224 | chrome.exe
  (the same row is repeated for all 26 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3224 | chrome.exe
  (the same row is repeated for all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3224 wrote to memory of 5068 | 3224 | chrome.exe | 82
  PID 3224 wrote to memory of 4164 | 3224 | chrome.exe | 83
  PID 3224 wrote to memory of 552 | 3224 | chrome.exe | 84
  PID 3224 wrote to memory of 1376 | 3224 | chrome.exe | 85
  (each row is repeated once per write event, 64 entries in total, in the order 5068, 4164, 552, 1376)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3224)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "C:\Users\Admin\AppData\Local\Temp\Play_Now ⏮️ ▶️ ⏭️ Aaron.lum_3pM.html"
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5068)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf86d9758,0x7ffdf86d9768,0x7ffdf86d9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4164)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 552)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1376)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1932)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3244 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1784)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3232 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1480)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3200)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4372)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4712)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads