Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 151s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/08/2023, 16:56
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1 (Sample: https://campaigns..ecellar1.com/ct, Resource: win7-20230712-en)
- Behavioral task: behavioral2 (Sample: https://campaigns..ecellar1.com/ct, Resource: win10-20230703-en)
- Behavioral task: behavioral3 (Sample: https://campaigns..ecellar1.com/ct, Resource: win10v2004-20230703-en)
- Behavioral task: behavioral4 (Sample: https://campaigns..ecellar1.com/ct, Resource: macos-20220504-en)
General
- Target: https://campaigns..ecellar1.com/ct
Malware Config
Signatures
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355553998589065" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | Process
  1200 | chrome.exe
  1200 | chrome.exe
  4380 | chrome.exe
  4380 | chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  1200 | chrome.exe (all 7 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 1200 | chrome.exe
  Token: SeCreatePagefilePrivilege | 1200 | chrome.exe
  (the 64 entries alternate between these two rows, all from pid 1200 chrome.exe)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  1200 | chrome.exe (all 26 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  1200 | chrome.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1200 wrote to memory of 3032 | 1200 | chrome.exe | 84
  PID 1200 wrote to memory of 4364 | 1200 | chrome.exe | 87
  PID 1200 wrote to memory of 4972 | 1200 | chrome.exe | 86
  PID 1200 wrote to memory of 1376 | 1200 | chrome.exe | 89
  (the 64 entries are repetitions of these four rows, in this order; the targets are the crashpad handler, the GPU process, the network service and the storage service listed under Processes)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://campaigns..ecellar1.com/ct
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 1200
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeeb8a9758,0x7ffeeb8a9768,0x7ffeeb8a9778
    PID: 3032
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1888,i,18225485084595464911,3293284282920077578,131072 /prefetch:8
    PID: 4972
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1888,i,18225485084595464911,3293284282920077578,131072 /prefetch:2
    PID: 4364
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1888,i,18225485084595464911,3293284282920077578,131072 /prefetch:8
    PID: 1376
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1888,i,18225485084595464911,3293284282920077578,131072 /prefetch:1
    PID: 1928
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1888,i,18225485084595464911,3293284282920077578,131072 /prefetch:1
    PID: 468
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1624 --field-trial-handle=1888,i,18225485084595464911,3293284282920077578,131072 /prefetch:1
    PID: 3916
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3120 --field-trial-handle=1888,i,18225485084595464911,3293284282920077578,131072 /prefetch:1
    PID: 3992
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1888,i,18225485084595464911,3293284282920077578,131072 /prefetch:8
    PID: 2252
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=1888,i,18225485084595464911,3293284282920077578,131072 /prefetch:8
    PID: 1804
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3124 --field-trial-handle=1888,i,18225485084595464911,3293284282920077578,131072 /prefetch:1
    PID: 2984
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1724 --field-trial-handle=1888,i,18225485084595464911,3293284282920077578,131072 /prefetch:1
    PID: 2608
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4168 --field-trial-handle=1888,i,18225485084595464911,3293284282920077578,131072 /prefetch:1
    PID: 2028
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1888,i,18225485084595464911,3293284282920077578,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 4380
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 3344
Downloads
- Filesize: 5KB
  MD5: c84fa91aa147840d97484194aeece4c1
  SHA1: 672c9e01c530949c7fa6cb3ef8350e28f2cfa683
  SHA256: 47a2b0bff50b1b1ec3350e0260956afba5a925ef322bc2bc65c156dae4efbc45
  SHA512: 2a45466b740b14c10582d0309101af14e7d7e6a96bc13592e6bb596f293b5fb12178d92d5f68cc973bfc8075a3a4f9d781bda9319e4df420d3b3ef3ebfe16242
- Filesize: 5KB
  MD5: a54dfa8df87007118b3f934be28cc383
  SHA1: 7a9ece6124c599e5924e16121ac4cc5800c8f13c
  SHA256: 9941511bfea6bade5076b0923c9b1bcc6219c3c74422b346513d4ef1d4437aab
  SHA512: f0fb07c0e6faacbce1cb5cba06905ea41fd9532ad12fbfab75a53b39fd203cbdfef266ec000b3e5c785fc4d3dc9a22f1f9c374d5f4c5f7f5216a217c0133cba4
- Filesize: 5KB
  MD5: 52078b39ee527676ccd6ca03f7c546ee
  SHA1: f32cfd0560a3f215dbc6977ae3d73194ff797e03
  SHA256: 7c15bcb36a32c5b8194d15a0b8947a251e79672d7f0d45099b93422dc6a4d5b1
  SHA512: a4f3b828b973b3f000039e7b6b98b7617ad4b64011cd56ca24ced49d388e34296171f252b40d4ebd8480ceea4f479f82d742cb60499aab6e1747352aa2a61b0a
- Filesize: 87KB
  MD5: ad070823d37e35e8a8259d4d02dc801d
  SHA1: df048d42a6e3c196b4aaabdbb433f58c31333496
  SHA256: 7a24900bdacaa56c79144424f25d9a72fff2833b412a1e0bf64adb5a0a174bb0
  SHA512: a629caeebae3d57f514b4c9550939150802f74629274a3d84fa33431ca84a3fa9fa7613a2db73ecb0325191ad8d31d16f88c04b61eba575e1f6778de7e42832e
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd