Analysis

max time kernel: 157s
max time network: 168s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/11/2023, 14:33
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://myectr.com/MY2hyaXN0b3BoZXIuYnppa0BtYWNrdHJ1Y2tzLmNvbQ==
Resource: win10v2004-20231023-en

General

Target: https://myectr.com/MY2hyaXN0b3BoZXIuYnppa0BtYWNrdHJ1Y2tzLmNvbQ==
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)

Description          IoC                                                                    Process
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)

Description        IoC                                                                                                       Process
Key created        \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                     chrome.exe
Set value (int)    \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133434956884953297"  chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)

PID    Process
712    chrome.exe
712    chrome.exe
912    chrome.exe
912    chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)

PID    Process
712    chrome.exe
712    chrome.exe
712    chrome.exe
712    chrome.exe
712    chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

- "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://myectr.com/MY2hyaXN0b3BoZXIuYnppa0BtYWNrdHJ1Y2tzLmNvbQ==
  PID: 712
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff853f49758,0x7ff853f49768,0x7ff853f49778
    PID: 1160
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1880,i,3279505842578486324,4605831199436416891,131072 /prefetch:2
    PID: 4556
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1880,i,3279505842578486324,4605831199436416891,131072 /prefetch:8
    PID: 3844
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1880,i,3279505842578486324,4605831199436416891,131072 /prefetch:8
    PID: 2856
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1880,i,3279505842578486324,4605831199436416891,131072 /prefetch:1
    PID: 1924
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1880,i,3279505842578486324,4605831199436416891,131072 /prefetch:1
    PID: 3880
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1880,i,3279505842578486324,4605831199436416891,131072 /prefetch:1
    PID: 3140
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3108 --field-trial-handle=1880,i,3279505842578486324,4605831199436416891,131072 /prefetch:1
    PID: 4572
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3400 --field-trial-handle=1880,i,3279505842578486324,4605831199436416891,131072 /prefetch:1
    PID: 4688
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1880,i,3279505842578486324,4605831199436416891,131072 /prefetch:8
    PID: 4344
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1880,i,3279505842578486324,4605831199436416891,131072 /prefetch:8
    PID: 4912
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2340 --field-trial-handle=1880,i,3279505842578486324,4605831199436416891,131072 /prefetch:2
    PID: 912
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 1744
Network
MITRE ATT&CK Enterprise v15
Downloads