Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

116.0.5845...er.exe

windows10-1703-x64

4

116.0.5845...er.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    139s
  • max time network
    126s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16/08/2023, 00:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    116.0.5845.96_115.0.5790.171_chrome_updater.exe

  • Size

    23.6MB

  • MD5

    5664106ac6bcb6a1ea301747af6444bf

  • SHA1

    ba319ce1c6d40c116fc78d1d16a9686ddf424a0c

  • SHA256

    78a95988e301e332b65e4c94da9f358a9f56c847f7de6a01aca7ee536114c02f

  • SHA512

    326ab4bdf66806d7602b96691138c07f57977df6f5c513be045d7a6fa6948494f2a3d3e63870f922ccf9d570c7c6f506955bd272e81a65f6919716a005090876

  • SSDEEP

    393216:Rc7GD+0k2AMQczNm/vwcfwEKzIyvqsb9kjRcoyaW875sxxMlBLsqWAFlq:RcSD+0kPcNm/vtfwcKqsEyLHxxMU2Fl

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\116.0.5845.96_115.0.5790.171_chrome_updater.exe
    "C:\Users\Admin\AppData\Local\Temp\116.0.5845.96_115.0.5790.171_chrome_updater.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:792
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3736
    • C:\Users\Admin\Desktop\116.0.5845.96_115.0.5790.171_chrome_updater.exe
      "C:\Users\Admin\Desktop\116.0.5845.96_115.0.5790.171_chrome_updater.exe"
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4236
    • C:\Users\Admin\Desktop\116.0.5845.96_115.0.5790.171_chrome_updater.exe
      "C:\Users\Admin\Desktop\116.0.5845.96_115.0.5790.171_chrome_updater.exe"
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4540
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2252
    • C:\Users\Admin\Desktop\116.0.5845.96_115.0.5790.171_chrome_updater.exe
      "C:\Users\Admin\Desktop\116.0.5845.96_115.0.5790.171_chrome_updater.exe"
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3920
    • C:\Users\Admin\Desktop\116.0.5845.96_115.0.5790.171_chrome_updater.exe
      "C:\Users\Admin\Desktop\116.0.5845.96_115.0.5790.171_chrome_updater.exe"
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2764
    • C:\Users\Admin\Desktop\116.0.5845.96_115.0.5790.171_chrome_updater.exe
      "C:\Users\Admin\Desktop\116.0.5845.96_115.0.5790.171_chrome_updater.exe"
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3732

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\Desktop\CR_6B082.tmp\CHROME_PATCH.PACKED.7Z
      Filesize

      23.5MB

      MD5

      e122f21619aa324773c5d1aa6655597b

      SHA1

      ec65ab1c644e1cd9160fec583d1a7f63c398179d

      SHA256

      5a28c4970efdc432a4296d8a17397c635bf87dc7148094af85d74d8fa0c7d97d

      SHA512

      ffbd302de33f606e66dc0f56ae0f8dd4507da85ef9f3ecf2c007b727a1a6005218e61d6e790ee0b90232af0c4acbcd11f49fb74008bb2a52ba74092efd4874e2

      Download Submit

    • C:\Users\Admin\Desktop\CR_6B082.tmp\SETUP_PATCH.PACKED.7Z
      Filesize

      142KB

      MD5

      b657eae04f3212550fd307520869018f

      SHA1

      4f2fff08c5e0ab734d25ed57c8d68b76b2f4c173

      SHA256

      3d111209b9c94a704506d9776a33667d35fbb956320aedbdf2846834292ad806

      SHA512

      4a20c96a34d6b0c733ae1b7b3e05e44708e92d9d078e1cbe3925f37b0cb2a2962a1220991e0dc866668dc7c9f64b7ca77f66ff2ab0f8dec64e93700d1a4460aa

      Download Submit