Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 69s
- max time network: 146s
- platform: windows7_x64
- resource: win7-20230824-en
- resource tags: arch:x64, arch:x86, image:win7-20230824-en, locale:en-us, os:windows7-x64, system
- submitted: 25/08/2023, 21:09
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://cdn.discordapp.com/attachments/1138919612503834664/1144367292063416320
  Resource: win7-20230824-en
Behavioral task: behavioral2
  Sample: https://cdn.discordapp.com/attachments/1138919612503834664/1144367292063416320
  Resource: win10-20230703-en
Behavioral task: behavioral3
  Sample: https://cdn.discordapp.com/attachments/1138919612503834664/1144367292063416320
  Resource: win10v2004-20230703-en
General
- Target: https://cdn.discordapp.com/attachments/1138919612503834664/1144367292063416320
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
    pid   Process
    2380  chrome.exe
    2380  chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs; the same row is repeated for every entry)
    description                 pid   Process
    Token: SeShutdownPrivilege  2380  chrome.exe
- Suspicious use of FindShellTrayWindow (34 IoCs; the same row is repeated for every entry)
    pid   Process
    2380  chrome.exe
- Suspicious use of SendNotifyMessage (32 IoCs; the same row is repeated for every entry)
    pid   Process
    2380  chrome.exe
- Suspicious use of WriteProcessMemory (64 IoCs; identical rows repeated, distinct rows shown)
    description                         pid   Process     procid_target
    PID 2380 wrote to memory of 1304    2380  chrome.exe  30
    PID 2380 wrote to memory of 2780    2380  chrome.exe  32
    PID 2380 wrote to memory of 2704    2380  chrome.exe  33
    PID 2380 wrote to memory of 2892    2380  chrome.exe  34
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2380)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1138919612503834664/1144367292063416320
  Signatures:
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1304)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7459758,0x7fef7459768,0x7fef7459778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2780)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1300,i,16131366704093823717,3268902508605181753,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2704)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1300,i,16131366704093823717,3268902508605181753,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2892)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1300,i,16131366704093823717,3268902508605181753,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2664)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1300,i,16131366704093823717,3268902508605181753,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2548)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2200 --field-trial-handle=1300,i,16131366704093823717,3268902508605181753,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1748)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1300,i,16131366704093823717,3268902508605181753,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2848)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1300,i,16131366704093823717,3268902508605181753,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1492)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Downloads
- Filesize: 61KB
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
- Filesize: 264KB
- Filesize: 1KB
- Filesize: 4KB
- Filesize: 16B
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d6d2050a-0cfb-4a65-9120-8db7dedee3e7.tmp
  Filesize: 4KB
- Filesize: 163KB