Analysis
- max time kernel: 120s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 05/08/2023, 20:38
Behavioral tasks
- behavioral1: Sample Start.exe, Resource win7-20230712-en
- behavioral2: Sample Start.exe, Resource win10v2004-20230703-en
- behavioral3: Sample Start.pyc, Resource win7-20230712-en
- behavioral4: Sample Start.pyc, Resource win10v2004-20230703-en
General
- Target: Start.exe
- Size: 6.6MB
- MD5: 4ff1a6d0d722770bebe80b57e676e132
- SHA1: 154c1547cab946367c7a3366d511f02ebf8c6425
- SHA256: 00d4402179d21bface52a488a4aebc7d455f52f8ba19f6a01064a7c03e2a1816
- SHA512: e55824985e3576af3ab4c5c3467bdbbd7ea6e0ab6bbca5c3f731f78c7cfc2be2233db6ad02a6d52fc83fcd18089602243fde7bda55d83d3d5f5536f6238d1fc8
- SSDEEP: 98304:mozTX4Pf1N2zIh3ET9Y9MxVMOPUh3PdWPEUrJY6AOxbHPS2zh/hQqfvsJ1YPwIu/:mmX4FMIZETKwjPePdrQJ/BNOqAYPL
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  pid 2556, Process Start.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 2916, Process chrome.exe (2 identical entries)
- Suspicious use of AdjustPrivilegeToken (26 IoCs)
  Token: SeShutdownPrivilege, pid 2916, Process chrome.exe (26 identical entries)
- Suspicious use of FindShellTrayWindow (51 IoCs)
  pid 2916, Process chrome.exe (51 identical entries)
- Suspicious use of SendNotifyMessage (48 IoCs)
  pid 2916, Process chrome.exe (48 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs; identical entries collapsed, count in the last column)
  description                       pid   Process     procid_target  entries
  PID 688 wrote to memory of 2556   688   Start.exe   29             3
  PID 2916 wrote to memory of 2688  2916  chrome.exe  35             3
  PID 2916 wrote to memory of 2032  2916  chrome.exe  37             39
  PID 2916 wrote to memory of 1472  2916  chrome.exe  38             3
  PID 2916 wrote to memory of 2956  2916  chrome.exe  39             16
Processes (indentation shows parent/child relationship)
- C:\Users\Admin\AppData\Local\Temp\Start.exe (PID 688)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Start.exe"
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Start.exe (PID 2556)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Start.exe"
    Signatures: Loads dropped DLL
- C:\Windows\explorer.exe (PID 2892)
  Command line: "C:\Windows\explorer.exe"
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2916)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2688)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5fb9758,0x7fef5fb9768,0x7fef5fb9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2032)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1188,i,51681310067478588,9038705333773650750,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1472)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1188,i,51681310067478588,9038705333773650750,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2956)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1188,i,51681310067478588,9038705333773650750,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3012)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1188,i,51681310067478588,9038705333773650750,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3052)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1188,i,51681310067478588,9038705333773650750,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2052)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1264 --field-trial-handle=1188,i,51681310067478588,9038705333773650750,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2536)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1436 --field-trial-handle=1188,i,51681310067478588,9038705333773650750,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2620)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3344 --field-trial-handle=1188,i,51681310067478588,9038705333773650750,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2160)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3648 --field-trial-handle=1188,i,51681310067478588,9038705333773650750,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2964)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4076 --field-trial-handle=1188,i,51681310067478588,9038705333773650750,131072 /prefetch:1
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1676)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 179KB
  MD5: 9c2479054cbf8cf72396a4403f09a48d
  SHA1: 84db0d158052a9621c932f3a812ee898ab8ce49e
  SHA256: f48ebfa9fcc8e782a13f9e8c2244d8aa1f7b69fafc743b89a0fda47f7e95c1ab
  SHA512: 6aa78166684203e7434a3e82f31b1eba7c58ee45cad6839f0739471136bfa859a55f1b10b0120fa0d1894a2ccaa3c7fac615a51e45beca7cf61f131755c20601
- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
- Filesize: 525B
  MD5: 350eea6a1146a2abb5e643641d629833
  SHA1: 39e496cb0862fa1a48e2156af246a3dfe84a0cf4
  SHA256: bd601181bf280e446e1e82ac2480e924424f6bf0a2dbbaf39e161af9e05725e5
  SHA512: 467a83e95a6a619c3ad37806bc7a400bc8b2e4ed4dc1300b417c23f7d1bcee89fcb3459f04a8698fbdec86e55e4f4eb011ebd279ecad53e46a58675fdea75326
- Filesize: 4KB
  MD5: d46750ae89666bd40d5d958c443f32d4
  SHA1: 9c6c8bd9581be623e4336499fafc8b976e65ef9d
  SHA256: a8679ee665ef6f3e97336ee053f06ecf6fafd433de42c573493301e08da643ff
  SHA512: c7886873d7860fbc6f9db620312df6a68284fdbdde2f62a880b60212b79acea4a11620a2701a39be27dde9c0c8c2e83b56aed4408c968663e6e4669f3b47e7dd
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
  Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
- Filesize: 179KB
  MD5: 1815f0efa503c5de5227a9445187ac0d
  SHA1: cadb17b4222f13d66509f328ddc37e7be25907f7
  SHA256: d09c0fec111915526e4240808f76e35c6117ae49d4a78479556eadfd5a28c421
  SHA512: 1fd93e066fe6d25443bfeb839810ac495f3f05d17f26745ef9a3d460947fc99253ed30ee2f2c048caf2f08c1d97a85d498dc486f54a6a2b70528fd18760e2f2f
- Filesize: 5.5MB
  MD5: 5a5dd7cad8028097842b0afef45bfbcf
  SHA1: e247a2e460687c607253949c52ae2801ff35dc4a
  SHA256: a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce
  SHA512: e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858
- Filesize: 5.5MB
  MD5: 5a5dd7cad8028097842b0afef45bfbcf
  SHA1: e247a2e460687c607253949c52ae2801ff35dc4a
  SHA256: a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce
  SHA512: e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858