Resubmissions
  10/08/2023, 22:41  230810-2mj4sshd67  1
  07/08/2023, 20:48  230807-zlwebshd39  1
  06/08/2023, 01:58  230806-cd7q3agh6w  1
  05/08/2023, 22:43  230805-2ndcmsfa69  1
  04/08/2023, 23:11  230804-2593yaga7y  1
  04/08/2023, 15:03  230804-se8bzsch5z  1
  03/08/2023, 22:07  230803-11w5vagc74  1
  03/08/2023, 11:46  230803-nxsl2aec4y  1
  03/08/2023, 00:07  230803-aef9dsad88  1
  02/08/2023, 19:21  230802-x2q4faaf5s  1

Analysis
  max time kernel:  45s
  max time network: 38s
  platform:         windows10-2004_x64
  resource:         win10v2004-20230703-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        04/08/2023, 15:03
Static task:     static1
URLScan task:    urlscan1
Behavioral task: behavioral1
Sample:          https://shop.awesomatix.com/auth
Resource:        win10v2004-20230703-en

General
  Target: https://shop.awesomatix.com/auth

Malware Config

Signatures
Modifies data under HKEY_USERS (2 IoCs)
  description: Key created | ioc: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | process: chrome.exe
  description: Set value (int) | ioc: \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133356350231609561" | process: chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 556  chrome.exe
  pid 556  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid 556  chrome.exe
  pid 556  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 556)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shop.awesomatix.com/auth
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4788)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff95789758,0x7fff95789768,0x7fff95789778

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5100)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1872,i,4005864975529233477,11114584260216970882,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4724)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1872,i,4005864975529233477,11114584260216970882,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4620)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1872,i,4005864975529233477,11114584260216970882,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4320)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1872,i,4005864975529233477,11114584260216970882,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2088)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1872,i,4005864975529233477,11114584260216970882,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4952)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1872,i,4005864975529233477,11114584260216970882,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3688)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1872,i,4005864975529233477,11114584260216970882,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2136)
    Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads