Analysis

max time kernel: 1800s
max time network: 1689s
platform: windows10-1703_x64
resource: win10-20230703-en
resource tags: arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
submitted: 14/07/2023, 20:04
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://www.dropbox.com/s/dl/2lp810ujkbrwovn/ThunderBird.rar
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: https://www.dropbox.com/s/dl/2lp810ujkbrwovn/ThunderBird.rar
  Resource: win10-20230703-en
Behavioral task: behavioral3
  Sample: https://www.dropbox.com/s/dl/2lp810ujkbrwovn/ThunderBird.rar
  Resource: win10v2004-20230703-en
General

Target: https://www.dropbox.com/s/dl/2lp810ujkbrwovn/ThunderBird.rar

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                     Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133338386634606773"  chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  2772  chrome.exe
  2772  chrome.exe
  2960  chrome.exe
  2960  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  2772  chrome.exe
  2772  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (43 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/s/dl/2lp810ujkbrwovn/ThunderBird.rar
  PID: 2772
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff831cf9758,0x7ff831cf9768,0x7ff831cf9778
      PID: 1888

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1640,i,8054564876965195901,14169560923147109849,131072 /prefetch:2
      PID: 3532

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1640,i,8054564876965195901,14169560923147109849,131072 /prefetch:8
      PID: 4564

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1640,i,8054564876965195901,14169560923147109849,131072 /prefetch:8
      PID: 1204

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1640,i,8054564876965195901,14169560923147109849,131072 /prefetch:1
      PID: 1708

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1640,i,8054564876965195901,14169560923147109849,131072 /prefetch:1
      PID: 3092

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1640,i,8054564876965195901,14169560923147109849,131072 /prefetch:8
      PID: 4800

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1640,i,8054564876965195901,14169560923147109849,131072 /prefetch:8
      PID: 4836

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1640,i,8054564876965195901,14169560923147109849,131072 /prefetch:8
      PID: 820

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4736 --field-trial-handle=1640,i,8054564876965195901,14169560923147109849,131072 /prefetch:2
      PID: 2960
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 4428
Network
MITRE ATT&CK Enterprise v6
Downloads