Analysis
  max time kernel: 150s
  max time network: 143s
  platform: windows10-1703_x64
  resource: win10-20230703-en
  resource tags: arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
  submitted: 25/08/2023, 21:09
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://cdn.discordapp.com/attachments/1138919612503834664/1144367292063416320
  Resource: win7-20230824-en
Behavioral task: behavioral2
  Sample: https://cdn.discordapp.com/attachments/1138919612503834664/1144367292063416320
  Resource: win10-20230703-en
Behavioral task: behavioral3
  Sample: https://cdn.discordapp.com/attachments/1138919612503834664/1144367292063416320
  Resource: win10v2004-20230703-en
General
  Target: https://cdn.discordapp.com/attachments/1138919612503834664/1144367292063416320
Signatures
Modifies data under HKEY_USERS (2 IoCs)
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
  Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133374714031240496" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  PID 4596 chrome.exe
  PID 4596 chrome.exe
  PID 4628 chrome.exe
  PID 4628 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  PID 4596 chrome.exe
  PID 4596 chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
chrome.exe (PID 4596)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1138919612503834664/1144367292063416320
  Signatures:
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  chrome.exe (PID 2632, child of 4596)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff84b869758,0x7ff84b869768,0x7ff84b869778

  chrome.exe (PID 3044, child of 4596)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1824,i,14674307492593620652,3144781515271652291,131072 /prefetch:8

  chrome.exe (PID 4280, child of 4596)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1824,i,14674307492593620652,3144781515271652291,131072 /prefetch:2

  chrome.exe (PID 380, child of 4596)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2040 --field-trial-handle=1824,i,14674307492593620652,3144781515271652291,131072 /prefetch:8

  chrome.exe (PID 4156, child of 4596)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2812 --field-trial-handle=1824,i,14674307492593620652,3144781515271652291,131072 /prefetch:1

  chrome.exe (PID 5020, child of 4596)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2816 --field-trial-handle=1824,i,14674307492593620652,3144781515271652291,131072 /prefetch:1

  chrome.exe (PID 4144, child of 4596)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1824,i,14674307492593620652,3144781515271652291,131072 /prefetch:8

  chrome.exe (PID 2612, child of 4596)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1824,i,14674307492593620652,3144781515271652291,131072 /prefetch:8

  chrome.exe (PID 4628, child of 4596)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4432 --field-trial-handle=1824,i,14674307492593620652,3144781515271652291,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

elevation_service.exe (PID 4872)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Downloads