Analysis
max time kernel: 299s
max time network: 279s
platform: windows10-2004_x64
resource: win10v2004-20231130-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231130-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/12/2023, 12:26
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.megarecargas.online/
Resource: win7-20231130-en
Behavioral task: behavioral2
Sample: https://www.megarecargas.online/
Resource: win10v2004-20231130-en
General
Target: https://www.megarecargas.online/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133467712199848775" | chrome.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
3032 | chrome.exe
3032 | chrome.exe
4072 | chrome.exe
4072 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
3032 | chrome.exe
3032 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 3032 | chrome.exe
Token: SeCreatePagefilePrivilege | 3032 | chrome.exe
(these two rows alternate across all 64 entries, all from pid 3032 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
3032 | chrome.exe
(the same row is repeated for all 26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3032 | chrome.exe
(the same row is repeated for all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3032 wrote to memory of 3128 | 3032 | chrome.exe | 57
PID 3032 wrote to memory of 4020 | 3032 | chrome.exe | 89
PID 3032 wrote to memory of 468 | 3032 | chrome.exe | 91
PID 3032 wrote to memory of 1548 | 3032 | chrome.exe | 90
(each of these rows is repeated in the report; 64 entries in total, all from pid 3032 chrome.exe, targeting the child processes 3128, 4020, 468 and 1548 listed under Processes)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3032)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.megarecargas.online/
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3128)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffefa49758,0x7fffefa49768,0x7fffefa49778
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4020)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1884,i,8828221486390768264,12780179069528154262,131072 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1548)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1884,i,8828221486390768264,12780179069528154262,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 468)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1884,i,8828221486390768264,12780179069528154262,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3904)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1884,i,8828221486390768264,12780179069528154262,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1388)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1884,i,8828221486390768264,12780179069528154262,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1688)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1884,i,8828221486390768264,12780179069528154262,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2076)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1884,i,8828221486390768264,12780179069528154262,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4072)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1884,i,8828221486390768264,12780179069528154262,131072 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4992)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\system32\rundll32.exe (PID 1852)
  Command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe (PID 1668)
  Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
Network
MITRE ATT&CK Enterprise v15
Downloads