Analysis
- max time kernel: 150s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16/07/2023, 17:19
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
- Sample: https://dl.yasdl.com/Arash/2022/eLearning/Ultimate.C%2B%2B.Part.3-Advanced-Code.with.Mosh_YasDL.com.rar?aa2bb
- Resource: win10-20230703-en
Behavioral task: behavioral2
- Sample: https://dl.yasdl.com/Arash/2022/eLearning/Ultimate.C%2B%2B.Part.3-Advanced-Code.with.Mosh_YasDL.com.rar?aa2bb
- Resource: win10v2004-20230703-en
General
- Target: https://dl.yasdl.com/Arash/2022/eLearning/Ultimate.C%2B%2B.Part.3-Advanced-Code.with.Mosh_YasDL.com.rar?aa2bb
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133340015991217305" (chrome.exe)

Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 4524 chrome.exe (2 entries)
- PID 1492 chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- PID 4524 chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Token: SeShutdownPrivilege, PID 4524 chrome.exe (32 entries)
- Token: SeCreatePagefilePrivilege, PID 4524 chrome.exe (32 entries)
  (the original listing alternates the two tokens, Shutdown then CreatePagefile, 64 entries in total)

Suspicious use of FindShellTrayWindow (64 IoCs)
- PID 4524 chrome.exe (64 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 4524 chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
- PID 4524 chrome.exe wrote to memory of PID 236 (procid_target 26): 2 entries
- PID 4524 chrome.exe wrote to memory of PID 2844 (procid_target 86): repeated entries
- PID 4524 chrome.exe wrote to memory of PID 2976 (procid_target 87): 2 entries
- PID 4524 chrome.exe wrote to memory of PID 4752 (procid_target 88): repeated entries
Processes

- chrome.exe (PID 4524)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dl.yasdl.com/Arash/2022/eLearning/Ultimate.C%2B%2B.Part.3-Advanced-Code.with.Mosh_YasDL.com.rar?aa2bb
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - chrome.exe (PID 236), crashpad-handler
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd97b19758,0x7ffd97b19768,0x7ffd97b19778
  - chrome.exe (PID 2844), gpu-process
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1892,i,7527984546677967547,4143688849101899948,131072 /prefetch:2
  - chrome.exe (PID 2976), utility (network.mojom.NetworkService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1892,i,7527984546677967547,4143688849101899948,131072 /prefetch:8
  - chrome.exe (PID 4752), utility (storage.mojom.StorageService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1892,i,7527984546677967547,4143688849101899948,131072 /prefetch:8
  - chrome.exe (PID 4596), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2812 --field-trial-handle=1892,i,7527984546677967547,4143688849101899948,131072 /prefetch:1
  - chrome.exe (PID 1152), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2820 --field-trial-handle=1892,i,7527984546677967547,4143688849101899948,131072 /prefetch:1
  - chrome.exe (PID 1692), utility (chrome.mojom.ProcessorMetrics)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1892,i,7527984546677967547,4143688849101899948,131072 /prefetch:8
  - chrome.exe (PID 2592), utility (chrome.mojom.UtilWin)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1892,i,7527984546677967547,4143688849101899948,131072 /prefetch:8
  - chrome.exe (PID 1492), gpu-process
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3940 --field-trial-handle=1892,i,7527984546677967547,4143688849101899948,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- elevation_service.exe (PID 264)
  Image: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads

- Filesize: 1KB
  MD5: 8933b343d024d0258e0e8cdc97c8203d
  SHA1: 6d519b4e04293ae4cafbd0bd27146c35de70e5c2
  SHA256: ef32ebaf60fbd6483f8989f1cf1e25074287cd8c631b7171ce15c9ed6578c1f1
  SHA512: b0179c87915c5f5d26d5078723b85022b8828d0b083c7fc0e7e4705387fe8c20c1fe4f09b57ab3c587f03e576b3748dc0282a5722065c883900e9e1c4049bae2

- Filesize: 6KB
  MD5: f43956f69cde69823d38ce02b8ea1662
  SHA1: 1d12f94695222a3977d70f1d7338a83e5509d27a
  SHA256: 069cc9226fc7f6ecd8ac5721bd2047b905808027856f74f06ce0356a51363940
  SHA512: dc29b593b62666fb0f8c52abbfb187e319151b2ab7899a75c8354a38532638446858d6038e5f0caf5c47646ed75d9e1b0a93222228565cdd9e0347446e5b3b8b

- Filesize: 6KB
  MD5: c14a1c426f6c891ff8eb4e8358965c6b
  SHA1: 58f667116411febd6b152cc91a93349873e54e7c
  SHA256: a229cd0864f6a17d3a82c38cdd2a093cae7d5ef70ccaa068ed062522a5d83ba7
  SHA512: 9a40fdbea17a5e83a72a3aadd0cc9f2399908f38c0b7f8731df5779e1b05ddeeec577080118905371456a90c49f5ed5680bd1bdf45ab83e9f16785186c723f08

- Filesize: 87KB
  MD5: e6879a73d11d8c5c26735bb91be7685f
  SHA1: a0ef1ea5f0bf342566af23602626b7c159ebce47
  SHA256: 4b1284e949810cc8623317e7dabcfa77b91ff8cedda75e578acb71d7bc611a30
  SHA512: b500632be9228ed88af844e01968cc768cf26a8ab50cfa541c2d073ad6b83123d1768c0e5c58072129d9a3619cde1f0f5fc6b95f91b461a3b8323b0dce951947

- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd