Analysis
max time kernel: 299s
max time network: 295s
platform: windows10-1703_x64
resource: win10-20231020-en
resource tags: arch:x64, arch:x86, image:win10-20231020-en, locale:en-us, os:windows10-1703-x64, system
submitted: 17/11/2023, 12:50
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://melcusme.bubbleapps.io/?cid=438709577524281689213838336398972216215240020133
Resource: win10-20231020-en
General
Target: https://melcusme.bubbleapps.io/?cid=438709577524281689213838336398972216215240020133
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133446990665278505" | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
4980 | chrome.exe
4980 | chrome.exe
236 | chrome.exe
236 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
4980 | chrome.exe
4980 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 4980 | chrome.exe
Token: SeCreatePagefilePrivilege | 4980 | chrome.exe
(these two rows alternate throughout; 64 entries in total, all from PID 4980 chrome.exe)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
4980 | chrome.exe (26 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
4980 | chrome.exe (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 4980 wrote to memory of 1860 | 4980 | chrome.exe | 71 (2 entries)
PID 4980 wrote to memory of 5088 | 4980 | chrome.exe | 74 (repeated entries)
PID 4980 wrote to memory of 3440 | 4980 | chrome.exe | 73 (2 entries)
PID 4980 wrote to memory of 4708 | 4980 | chrome.exe | 75 (repeated entries)
(64 entries in total, all written by PID 4980 chrome.exe)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4980)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://melcusme.bubbleapps.io/?cid=438709577524281689213838336398972216215240020133
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1860)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe0e569758,0x7ffe0e569768,0x7ffe0e569778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3440)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1792,i,6415584118020811817,5421860749606737522,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5088)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 --field-trial-handle=1792,i,6415584118020811817,5421860749606737522,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4708)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1792,i,6415584118020811817,5421860749606737522,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 404)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1792,i,6415584118020811817,5421860749606737522,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2424)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1792,i,6415584118020811817,5421860749606737522,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2420)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1792,i,6415584118020811817,5421860749606737522,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4340)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1792,i,6415584118020811817,5421860749606737522,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 236)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4692 --field-trial-handle=1792,i,6415584118020811817,5421860749606737522,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4884)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
  MD5: c762d92e710059e5607d58b2521efa0a
  SHA1: fcced16cb02440f39d55b1ef27062b282bc63e13
  SHA256: ef1dcada56192bf083e54cb6eef5afa0df18effd246d53a39c826346c26c205e
  SHA512: fd8988a8de7faf4eea1f5aaeff9d9468ce33994862cca08383c7656e39eb3235555fb7df13f16e26e3ca03c8b87a4d659701c06163e4aba2352f870867f8d640
- Filesize: 5KB
  MD5: 665fe394b2c695d666d058f7ae491807
  SHA1: 271bc51cdb31bcc71b23551decbd3dd7d6e216d9
  SHA256: 56ee630059e50a87e6042d46d9f6538b53202f450d18e04b565a8ed4c84ab38d
  SHA512: ac6b399c7fc8c7f3bdf0b16ed5bcd956286be94dbe7080fed98f7d939f55e4a86016b9951ad24a830773449a905e257df8dd89d43b9b496421bc84e31ec2d7b1
- Filesize: 6KB
  MD5: aea9a150e2d870ab1e2f7266e6fbc622
  SHA1: a08f0d37470c98b110657d145111053c554a7e60
  SHA256: aca730e81448f91369ca7b0f716fa5aca2f55876b4eb6b80da622138b32755e3
  SHA512: 90071b1850ad2d29a3c614eb22ddd61063ae05bfd47bb4a35f30d83ed16280be7cd8c8618a0b43c5d49ed5555829fe8cff56000bdb252729847bef0554c506f4
- Filesize: 5KB
  MD5: ce2c1d677a112fbb8034cc738c6436a3
  SHA1: 8ca47195e4c239c0c794a2d1f91fa2313fe9dd7d
  SHA256: 82ae19bec5e5b105f87738957a938bbe10ad83ebc12f2464c4cc5caee03124bf
  SHA512: 4f6f02f87aa67bdbbc73f5fda27c2c9e23e69bd028fc0515ab6625d701961cbced3067b0b1a5bf87f8f4e1278b69a8f7aa5d9ef3d13750351c0d6f2766caab9c
- Filesize: 106KB
  MD5: c62db294ca791e83045e5583e5dc219f
  SHA1: 90082bce0f042a724aea68887132ead68e74f134
  SHA256: 37faee0c182bbb80512f9440a64cfe845da726971d5ba3d2944f3acd2efd3d5b
  SHA512: 6d6f4b4da8bf562687a835a1c9a07bf81afb0bb9884d7e54c5122ffe043b8556a0c4c1fc2ac8013f56fa656a45833b06064923c105dbb40db794d0111acd9bc2
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd