Resubmissions
10/08/2023, 22:41  230810-2mj4sshd67  1
07/08/2023, 20:48  230807-zlwebshd39  1
06/08/2023, 01:58  230806-cd7q3agh6w  1
05/08/2023, 22:43  230805-2ndcmsfa69  1
04/08/2023, 23:11  230804-2593yaga7y  1
04/08/2023, 15:03  230804-se8bzsch5z  1
03/08/2023, 22:07  230803-11w5vagc74  1
03/08/2023, 11:46  230803-nxsl2aec4y  1
03/08/2023, 00:07  230803-aef9dsad88  1
02/08/2023, 19:21  230802-x2q4faaf5s  1
Analysis
max time kernel: 112s
max time network: 116s
platform: windows10-1703_x64
resource: win10-20230703-en
resource tags: arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
submitted: 07/08/2023, 20:48
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://shop.awesomatix.com/auth
Resource: win10-20230703-en
General
Target: https://shop.awesomatix.com/auth
Malware Config
Signatures
Modifies data under HKEY_USERS (2 IoCs)
Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  (chrome.exe)
Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133359149454661286"  (chrome.exe)
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid 4520  chrome.exe
pid 4520  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid 4520  chrome.exe
pid 4520  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4520)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shop.awesomatix.com/auth
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3080)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdc5b09758,0x7ffdc5b09768,0x7ffdc5b09778

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4232)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1816,i,172833182411999970,9132727589800908777,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3112)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1816,i,172833182411999970,9132727589800908777,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 96)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1816,i,172833182411999970,9132727589800908777,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 236)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1816,i,172833182411999970,9132727589800908777,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5072)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2060 --field-trial-handle=1816,i,172833182411999970,9132727589800908777,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3220)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1816,i,172833182411999970,9132727589800908777,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5068)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1816,i,172833182411999970,9132727589800908777,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 1032)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads