Analysis
max time kernel: 1799s
max time network: 1692s
platform: windows10-1703_x64
resource: win10-20231020-en
resource tags: arch:x64, arch:x86, image:win10-20231020-en, locale:en-us, os:windows10-1703-x64, system
submitted: 28/10/2023, 16:58
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://krnl.place/
  Resource: win7-20231025-en
Behavioral task: behavioral2
  Sample: https://krnl.place/
  Resource: win10-20231020-en
Behavioral task: behavioral3
  Sample: https://krnl.place/
  Resource: win10v2004-20231023-en
General
Target: https://krnl.place/
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                     Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description       ioc                                                                                              Process
Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                            chrome.exe
Set value (int)   \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133429860119893756"   chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid    Process
1420   chrome.exe
1420   chrome.exe
3748   chrome.exe
3748   chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid    Process
1420   chrome.exe
1420   chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs; identical rows collapsed, the header gives the total count)
description                          pid    Process
Token: SeShutdownPrivilege           1420   chrome.exe
Token: SeCreatePagefilePrivilege     1420   chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs; identical rows collapsed, the header gives the total count)
pid    Process
1420   chrome.exe
Suspicious use of SendNotifyMessage (24 IoCs; identical rows collapsed, the header gives the total count)
pid    Process
1420   chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, the header gives the total count)
description                        pid    Process      procid_target
PID 1420 wrote to memory of 1656   1420   chrome.exe   44
PID 1420 wrote to memory of 2036   1420   chrome.exe   74
PID 1420 wrote to memory of 1408   1420   chrome.exe   72
PID 1420 wrote to memory of 4180   1420   chrome.exe   73
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1420)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://krnl.place/
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1656)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff87b289758,0x7ff87b289768,0x7ff87b289778

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1408)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1848,i,5678348365163176925,10260044732146057611,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4180)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1848,i,5678348365163176925,10260044732146057611,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2036)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1848,i,5678348365163176925,10260044732146057611,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5072)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1848,i,5678348365163176925,10260044732146057611,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4140)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1848,i,5678348365163176925,10260044732146057611,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3916)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1848,i,5678348365163176925,10260044732146057611,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1488)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1848,i,5678348365163176925,10260044732146057611,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3748)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1848,i,5678348365163176925,10260044732146057611,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 3340)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads