Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
1Static
static
1windows11.js
windows7-x64
1windows11.js
windows10-1703-x64
1windows11.js
windows10-2004-x64
1windows11.js
android-10-x64
windows11.js
android-11-x64
windows11.js
android-9-x86
windows11.js
macos-10.15-amd64
windows11.js
debian-9-armhf
windows11.js
debian-9-mips
windows11.js
debian-9-mipsel
windows11.js
ubuntu-18.04-amd64
Analysis
-
max time kernel
1200s -
max time network
1176s -
platform
windows10-1703_x64 -
resource
win10-20230703-en -
resource tags
arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system -
submitted
16/07/2023, 13:09
Static task
static1
Behavioral task
behavioral1
Sample
windows11.js
Resource
win7-20230712-en
windows7-x64
0 signatures
1200 seconds
Behavioral task
behavioral2
Sample
windows11.js
Resource
win10-20230703-en
windows10-1703-x64
8 signatures
1200 seconds
Behavioral task
behavioral3
Sample
windows11.js
Resource
win10v2004-20230703-en
windows10-2004-x64
0 signatures
1200 seconds
Behavioral task
behavioral4
Sample
windows11.js
Resource
android-x64-20230621-en
android-10-x64
0 signatures
1200 seconds
Behavioral task
behavioral5
Sample
windows11.js
Resource
android-x64-arm64-20230621-en
android-11-x64
0 signatures
1200 seconds
Behavioral task
behavioral6
Sample
windows11.js
Resource
android-x86-arm-20230621-en
android-9-x86
0 signatures
1200 seconds
Behavioral task
behavioral7
Sample
windows11.js
Resource
macos-20220504-en
macos-10.15-amd64
0 signatures
1200 seconds
Behavioral task
behavioral8
Sample
windows11.js
Resource
debian9-armhf-20221125-en
debian-9-armhf
0 signatures
1200 seconds
Behavioral task
behavioral9
Sample
windows11.js
Resource
debian9-mipsbe-20221111-en
debian-9-mips
0 signatures
1200 seconds
Behavioral task
behavioral10
Sample
windows11.js
Resource
debian9-mipsel-en-20211208
debian-9-mipsel
0 signatures
1200 seconds
Behavioral task
behavioral11
Sample
windows11.js
Resource
ubuntu1804-amd64-20230621-en
ubuntu-18.04-amd64
0 signatures
1200 seconds
General
-
Target
windows11.js
-
Size
453KB
-
MD5
0a9b12d62d03a6fc977e1c92e6a5387a
-
SHA1
795e78822cbd086c809fe9602f378a20b79081fa
-
SHA256
518129a66174332ce65eda7b6f7287b3774d062707745b8ad08f1b3247dc8b08
-
SHA512
3ef9624877f6b5506405bcc8f6fc7972fc5eff6f47c813b5005283351f714f6799696dc67dadb7b698fff553ab4b73ffd055c6f4f3ec6c7847f5d2ddbcce2810
-
SSDEEP
6144:AE7OCSToN2/G57FWwB4ig5/TKqTIU0ydyVZr3uyFm:snWDFm
Score
1/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2500 chrome.exe 2500 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid Process 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe Token: SeShutdownPrivilege 2500 chrome.exe Token: SeCreatePagefilePrivilege 2500 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe 2500 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2500 wrote to memory of 760 2500 chrome.exe 73 PID 2500 wrote to memory of 760 2500 chrome.exe 73 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 2864 2500 chrome.exe 75 PID 2500 wrote to memory of 984 2500 chrome.exe 76 PID 2500 wrote to memory of 984 2500 chrome.exe 76 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77 PID 2500 wrote to memory of 2352 2500 chrome.exe 77
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\windows11.js1⤵PID:2856
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2500 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa72f19758,0x7ffa72f19768,0x7ffa72f197782⤵PID:760
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1792,i,132613656817579572,14824843043956911720,131072 /prefetch:22⤵PID:2864
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1792,i,132613656817579572,14824843043956911720,131072 /prefetch:82⤵PID:984
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1792,i,132613656817579572,14824843043956911720,131072 /prefetch:82⤵PID:2352
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1792,i,132613656817579572,14824843043956911720,131072 /prefetch:12⤵PID:4956
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1792,i,132613656817579572,14824843043956911720,131072 /prefetch:12⤵PID:4352
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3552 --field-trial-handle=1792,i,132613656817579572,14824843043956911720,131072 /prefetch:12⤵PID:3000
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1792,i,132613656817579572,14824843043956911720,131072 /prefetch:82⤵PID:2984
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1792,i,132613656817579572,14824843043956911720,131072 /prefetch:82⤵PID:2656
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1792,i,132613656817579572,14824843043956911720,131072 /prefetch:82⤵PID:4296
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1792,i,132613656817579572,14824843043956911720,131072 /prefetch:82⤵PID:4704
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1792,i,132613656817579572,14824843043956911720,131072 /prefetch:82⤵PID:3252
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1792,i,132613656817579572,14824843043956911720,131072 /prefetch:82⤵PID:4208
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:3204
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
369B
MD594eec53e07cf0e2d1bc3621b03216bb4
SHA11155e8f1c9abd02388d14fce3c10c100f7eed9a5
SHA256ca6d53f73d7500a56cf603427dc1553eba0e1479ed1823401fe53cb407289ed1
SHA5122c3e2500893b42d9fcafd53123fe3dc8de4c311791248e12851e802ffbae3577e44c2e5a8f1c1093238b934564ba823751177071a2dc555edb072311d53db693
-
Filesize
5KB
MD571afd810794632bc09522c534a61b836
SHA142a27743c077a2b0588b9fbf120063636af8daea
SHA25638b65be4a13ebfec652c270535e86ff139578cd04f98a9de1ab39c66f04066fa
SHA512dbededed4145495c6f7997f3fb2cb165bdedb5716a2616ac61fade43e41cc3f0a88fed0b34a929e2e210b937749a506a0926150a56843446d8302bbd0d891886
-
Filesize
175KB
MD511d39e82e025d5c3ffc85d8f4fb85f2f
SHA17c0810c87fa65acf758240e7112ac5a3537bfe8e
SHA256a7b3da0613e9b295e666bf0fa735ff9ecbd663bc6f9c02171591287b4306767d
SHA51291e069c362215b57d6ce90ac0924a74c2895b0e5c9ee75e4eeed48a35b51b7361a8346e0494bd0def46071813f3f94ad2529e38199ab0709d3376a8fda11ad22
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd