Analysis
  max time kernel: 150s
  max time network: 146s
  platform: windows10-2004_x64
  resource: win10v2004-20230824-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20230824-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 30/08/2023, 09:23
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://madworldltd.cmail19.com/t/y-u-pktulld-djjykyjhth-o/
  Resource: win10v2004-20230824-en
General
  Target: https://madworldltd.cmail19.com/t/y-u-pktulld-djjykyjhth-o/
Malware Config
Signatures

Drops file in System32 directory (1 IoC)
  File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{328BE69F-A46B-46D0-ADFB-ACDDD32965BF}.catalogItem (process: svchost.exe)
Modifies data under HKEY_USERS (2 IoCs)
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (process: chrome.exe)
  Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133378610089023651" (process: chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  PID 3912 chrome.exe (2 entries)
  PID 4872 chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  PID 3912 chrome.exe (2 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token: SeShutdownPrivilege        PID 3912 chrome.exe (32 entries)
  Token: SeCreatePagefilePrivilege  PID 3912 chrome.exe (32 entries)
  (the two tokens alternate throughout the 64 entries)
Suspicious use of FindShellTrayWindow (26 IoCs)
  PID 3912 chrome.exe (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  PID 3912 chrome.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  PID 3912 chrome.exe wrote to memory of PID 1136 (procid_target 71, 2 entries)
  PID 3912 chrome.exe wrote to memory of PID 1476 (procid_target 86, repeated entries)
  PID 3912 chrome.exe wrote to memory of PID 4640 (procid_target 87, 2 entries)
  PID 3912 chrome.exe wrote to memory of PID 2860 (procid_target 88, repeated entries)
Processes (indentation shows the parent/child relationship)

- C:\Windows\System32\svchost.exe
    Command line: C:\Windows\System32\svchost.exe -k netsvcs -p
    PID: 224
    Signatures: Drops file in System32 directory

- C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://madworldltd.cmail19.com/t/y-u-pktulld-djjykyjhth-o/
    PID: 3912
    Signatures: Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    - C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb63e59758,0x7ffb63e59768,0x7ffb63e59778
        PID: 1136

    - C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1804,i,10406335897623537721,2626171568846484527,131072 /prefetch:2
        PID: 1476

    - C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1804,i,10406335897623537721,2626171568846484527,131072 /prefetch:8
        PID: 4640

    - C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1804,i,10406335897623537721,2626171568846484527,131072 /prefetch:8
        PID: 2860

    - C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1804,i,10406335897623537721,2626171568846484527,131072 /prefetch:1
        PID: 644

    - C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1804,i,10406335897623537721,2626171568846484527,131072 /prefetch:1
        PID: 3604

    - C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1804,i,10406335897623537721,2626171568846484527,131072 /prefetch:8
        PID: 4568

    - C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1804,i,10406335897623537721,2626171568846484527,131072 /prefetch:8
        PID: 4896

    - C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=892 --field-trial-handle=1804,i,10406335897623537721,2626171568846484527,131072 /prefetch:2
        PID: 4872
        Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID: 4432
Network
MITRE ATT&CK Matrix
Downloads

- Filesize: 72B
  MD5:    c2fb827e1be6b750c31d58f87b74e1e0
  SHA1:   2732e86c839387e961c83e6c880fac39d5c48c69
  SHA256: 09827470e50b59207d2a9f94393d78a395665cbae60e8670dd3f07c3c26bbeb6
  SHA512: a6d2a8ee896926eb95a394d9971a697664f3290ef7f6ac2c96015b07bab6128fd62bdd0c4d89e954813edadd43637570a2302dbf71eaecec83d3636641e6b692

- Filesize: 1KB
  MD5:    8a9ede65f68ff643dd383f8f3d7e34bc
  SHA1:   82a91f1d457648cf06b3ff98dd974369c9f21d33
  SHA256: 35ed70022926cce1e24af37653c54fd82948996f018d813bad1e954af4fcafc9
  SHA512: 667ef54f35deb758d26163035e4c78a8b3aedb7ab590abeae920ffb842c9790f4ffe95a7de47636fb8abcfa864193143bcc48172fc2eba0421d1bdf5fc5a1c58

- Filesize: 4KB
  MD5:    8e41ef1295beaf5ed4d18efdb8fceb07
  SHA1:   d07bdbbaa4365449c2423588feaadd00a3bc880c
  SHA256: f781e2f11237f5d6c88d331db11ad70305d3a05f83f5eedf576b035dc34b3498
  SHA512: 049eac9a7175fc7cb814d9ac0ea8571fcd7addeba01f7f1ffd626b04b6a3853a0ed2aa83cee96f61c0c30085d6ab6c4512852600020b9a9b4ff36c06e26d2511

- Filesize: 5KB
  MD5:    aefa9ad18c84b3acb17070d6d03000ea
  SHA1:   b412d93967132651905fb67fc1d5f7605ca16761
  SHA256: cec661c31c3ec9fab209a35f5375b3b354601624c52b37e9b71d05761b3b3cf1
  SHA512: fa60153359f3746709c3490662f6abe611472fc7aef00c71cae97cecde544bd78c6e572aac9d456477529cacecbd572370cd7d697fe172375fc3b677522755cc

- Filesize: 4KB
  MD5:    2fb445932ddb156c790cf629d5fffb26
  SHA1:   a60a2a2b1765f05c2f73838e17f6f8d057956799
  SHA256: 3686544f2ec6aa69cd6b46d5d348cb5eefbfd6ee11793df0f9b2252258a3e6d1
  SHA512: bdf899890b6ec76f7639305c1ed494fb417cc7ff2ee77a8e7f15a2f7b826bd49cd0b7d9003149a0e76833d7091408239efeb9e843a6eef6a95ce3994017a0c3c

- Filesize: 94KB
  MD5:    7c183bbec89b07a1741a3babbd742772
  SHA1:   792af0006859b02fbd4e78beae4457eabbc5e7e4
  SHA256: 06294bfc378f133392163f61d476444ee209020f22885057c63207173526d737
  SHA512: a2ff435d3288b20a1ebc11964be41909bc40b9d6c2d8964dcbf142f8d480ecc93d5fa75f51ca28a347de370c33801a5a7ff84c92d4b4c604f5a5597e8a2c5066

- Filesize: 2B
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd