Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 42s
max time network: 265s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 09/01/2024, 23:25
Static task: static1
URLScan task: urlscan1
Behavioral task behavioral1: sample http://commbanks.us, resource win7-20231215-en
Behavioral task behavioral2: sample http://commbanks.us, resource win10v2004-20231215-en
Behavioral task behavioral3: sample http://commbanks.us, resource android-x86-arm-20231215-en
Behavioral task behavioral4: sample http://commbanks.us, resource android-x64-20231215-en
Behavioral task behavioral5: sample http://commbanks.us, resource android-x64-arm64-20231215-en
General
Target: http://commbanks.us
Malware Config
Signatures
All six signatures below are attributed to the Chrome browser process (PID 1988) that the sandbox launched to open the URL; its memory writes go to its own child processes (PIDs 2312, 3024, 2884, 2040, all chrome.exe with a --type flag in the process tree), and no non-browser process appears in any signature row.

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | process
1988 | chrome.exe (2 identical entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | process
Token: SeShutdownPrivilege | 1988 | chrome.exe (64 identical entries)

Suspicious use of FindShellTrayWindow (34 IoCs)
pid | process
1988 | chrome.exe (34 identical entries)

Suspicious use of SendNotifyMessage (32 IoCs)
pid | process
1988 | chrome.exe (32 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | process | procid_target
PID 1988 wrote to memory of 2312 | 1988 | chrome.exe | 28 (3 entries)
PID 1988 wrote to memory of 3024 | 1988 | chrome.exe | 30 (repeated entries)
PID 1988 wrote to memory of 2884 | 1988 | chrome.exe | 31 (3 entries)
PID 1988 wrote to memory of 2040 | 1988 | chrome.exe | 32 (repeated entries)
The 64 entries are repeats of these four edges; 2312 and 2884 appear 3 times each, and the remaining 58 entries are repeated writes to 3024 and 2040.
Processes
PID 1988  C:\Program Files\Google\Chrome\Application\chrome.exe
  command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://commbanks.us
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  PID 2312  chrome.exe (crashpad-handler)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef67e9758,0x7fef67e9768,0x7fef67e9778
  PID 3024  chrome.exe (gpu-process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1340,i,14310707190057831774,13208278935012858340,131072 /prefetch:2
  PID 2884  chrome.exe (utility: network.mojom.NetworkService, service sandbox: none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1340,i,14310707190057831774,13208278935012858340,131072 /prefetch:8
  PID 2040  chrome.exe (utility: storage.mojom.StorageService, service sandbox: utility)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1340,i,14310707190057831774,13208278935012858340,131072 /prefetch:8
  PID 2924  chrome.exe (renderer, client id 5)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1340,i,14310707190057831774,13208278935012858340,131072 /prefetch:1
  PID 776  chrome.exe (renderer, client id 6, first renderer process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1340,i,14310707190057831774,13208278935012858340,131072 /prefetch:1
  PID 2908  chrome.exe (gpu-process, SwiftShader WebGL fallback)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1340,i,14310707190057831774,13208278935012858340,131072 /prefetch:2
  PID 1692  chrome.exe (utility: chrome.mojom.UtilWin, service sandbox: none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 --field-trial-handle=1340,i,14310707190057831774,13208278935012858340,131072 /prefetch:8
  PID 984  chrome.exe (renderer, client id 9, GPU compositing disabled)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3720 --field-trial-handle=1340,i,14310707190057831774,13208278935012858340,131072 /prefetch:1
PID 2696  C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
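The signature and process sections above are the raw material for the sanity check a reviewer runs on every URL submission: rebuild the parent/child tree from the WriteProcessMemory rows, classify each Chrome child by its --type and --utility-sub-type flags, and confirm that every signature is sourced from the sandbox's own browser launch rather than from something the page spawned. The Python script below is an added example written for this page; it is not tria.ge's code and not part of the report. The row formats it parses mirror the report text, the PROCESSES and SIGNATURE_ROWS tables are constructed from the report with command lines cut down to the flags that matter, and the "baseline"/"review" labels and the elevation_service.exe negative case at the end are assumptions made for illustration.

```python
"""Sanity-check a Triage-style URL report: is every signature explained by the
sandbox's own browser launch?

Added example for this page, not tria.ge code. Row formats mirror the report
text; PROCESSES and SIGNATURE_ROWS are constructed from it (command lines cut
down to the flags that matter here).
"""
import re

# Constructed from the report's process tree: (pid, image, abbreviated command line).
PROCESSES = [
    (1988, "chrome.exe", '"chrome.exe" --disable-background-networking --single-argument http://commbanks.us'),
    (2312, "chrome.exe", '"chrome.exe" --type=crashpad-handler --url=https://clients2.google.com/cr/report'),
    (3024, "chrome.exe", '"chrome.exe" --type=gpu-process /prefetch:2'),
    (2884, "chrome.exe", '"chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none'),
    (2040, "chrome.exe", '"chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility'),
    (2924, "chrome.exe", '"chrome.exe" --type=renderer --renderer-client-id=5'),
    (1692, "chrome.exe", '"chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none'),
    (2696, "elevation_service.exe", '"elevation_service.exe"'),
]

# Constructed from the report's signature rows, one row per distinct entry.
SIGNATURE_ROWS = {
    "Enumerates system info in registry": [
        r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe",
        r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe",
        r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe",
    ],
    "Suspicious use of AdjustPrivilegeToken": ["Token: SeShutdownPrivilege 1988 chrome.exe"],
    "Suspicious use of WriteProcessMemory": [
        "PID 1988 wrote to memory of 2312 1988 chrome.exe 28",
        "PID 1988 wrote to memory of 3024 1988 chrome.exe 30",
        "PID 1988 wrote to memory of 2884 1988 chrome.exe 31",
        "PID 1988 wrote to memory of 2040 1988 chrome.exe 32",
    ],
}

# Row shape: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")


def chrome_role(cmdline):
    """Role from --type and --utility-sub-type; a process without --type is the browser process."""
    t = re.search(r"--type=(\S+)", cmdline)
    if not t:
        return "browser"
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return f"{t.group(1)}:{sub.group(1)}" if sub else t.group(1)


def sandbox_type(cmdline):
    """Value of --service-sandbox-type, or None when the flag is absent."""
    m = re.search(r"--service-sandbox-type=(\S+)", cmdline)
    return m.group(1) if m else None


def build_tree(wpm_rows):
    """target pid -> writer pid, from the WriteProcessMemory rows (repeated rows collapse)."""
    parent = {}
    for row in wpm_rows:
        m = WPM_RE.match(row)
        if m:
            parent[int(m.group(2))] = int(m.group(1))
    return parent


def check_memory_writes(processes, wpm_rows):
    """One (writer, target, verdict) per distinct write edge.

    A write is treated as expected only when a chrome.exe process writes into a
    chrome.exe child that carries a --type flag; anything else is flagged.
    """
    by_pid = {pid: (img, cmd) for pid, img, cmd in processes}
    out = []
    for target, writer in sorted(build_tree(wpm_rows).items()):
        t_img, t_cmd = by_pid.get(target, ("<unknown>", ""))
        w_img, _ = by_pid.get(writer, ("<unknown>", ""))
        if w_img == "chrome.exe" and t_img == "chrome.exe" and "--type=" in t_cmd:
            out.append((writer, target, "expected: browser -> " + chrome_role(t_cmd)))
        else:
            out.append((writer, target, f"review: {w_img} wrote into {t_img}"))
    return out


def signature_sources(signature_rows):
    """Signature name -> set of image names that appear in its rows."""
    return {name: set(re.findall(r"\S+\.exe", " ".join(rows))) for name, rows in signature_rows.items()}


def triage_verdict(processes, signature_rows):
    """'baseline' when every signature source is the launcher image, otherwise 'review'."""
    launcher = next((img for _, img, cmd in processes if "--single-argument" in cmd), None)
    sources = set().union(*signature_sources(signature_rows).values())
    others = sorted(sources - {launcher})
    if launcher and not others:
        return "baseline", f"all signatures originate from the launcher image {launcher}"
    return "review", f"signatures from images other than the launcher: {others}"


def unsandboxed_services(processes):
    """Chrome children started with --service-sandbox-type=none."""
    return [(pid, chrome_role(cmd)) for pid, _, cmd in processes if sandbox_type(cmd) == "none"]


if __name__ == "__main__":
    wpm = SIGNATURE_ROWS["Suspicious use of WriteProcessMemory"]
    for name, imgs in signature_sources(SIGNATURE_ROWS).items():
        print(f"{name}: {sorted(imgs)}")
    for writer, target, verdict in check_memory_writes(PROCESSES, wpm):
        print(f"{writer} -> {target}: {verdict}")
    print("unsandboxed services:", unsandboxed_services(PROCESSES))
    print(*triage_verdict(PROCESSES, SIGNATURE_ROWS))
    # Constructed negative case (not in the report): a write from a non-browser process is flagged.
    extra = wpm + ["PID 2696 wrote to memory of 2924 2696 elevation_service.exe 33"]
    print([f for f in check_memory_writes(PROCESSES, extra) if f[1] == 2924])
```

Run as-is it reports every write edge as an expected browser-to-child write, lists the two utility services that run with --service-sandbox-type=none (NetworkService and UtilWin), and returns "baseline" because chrome.exe is the only image in any signature row; the constructed final row shows the same code flagging a write that comes from elevation_service.exe instead.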
Network
MITRE ATT&CK Enterprise v15
Downloads

File size: 2KB
MD5: caf85861a0eb4de8edc5ee8f0844eddf
SHA1: 9bd4e349eafed173b4238b4d8b36a742031e69e4
SHA256: 822b55448ad8abf37889923e5e6efcbcba16e32b50f3b15d0d5736ff9157cf09
SHA512: 463f30e434b139929f68bdb72f2a9db5a6519ad35541cab0a1f38f9184b433684569410db7d6894b87cb3551d1202d7cb0b278d01596112bcecacf799e87644a

File size: 2KB
MD5: 52745f33216b338a182c74e1051749f3
SHA1: 8bcabcf2cb32e592ccdd33e0bcb9060b80bf0569
SHA256: 8669b565242f7447b8ce73e5ab6eac5b4ba781595b87750a20c58a163d05c494
SHA512: 1670e2c8fa5d3f6d780597c8b9acd20f85404694ea767bd74bf8cc1bf5cc38d5554a7e6585eff5cebfdc46154752e437a88f7ebc7e4f197bbe124ffb24f81b49

File size: 2KB
MD5: 20e5a53cc42874c9d00847b4cc7d5d80
SHA1: a1924d7a677d9a611be53afbb8ff9029b712b2fb
SHA256: a3c2cc361fe6a74f6b41750ec1ecc8fecd941968adf6cb65f4a13b6282496920
SHA512: 826f30300806772b71c65d8b55b23acf474ec794397bf455ce464139f10244dbb4f988a8af8bb36a80ba837a0541a28cdb8baa3fc686dea3d48c6bd58f833d69

File size: 363B
MD5: 539b261305dfebf9a0aab0248d8e6188
SHA1: 6dfcfc91e444a3fc451f3434b1b9302cda6d6e8a
SHA256: 882b94743ccc1944897df30c14ba1e92911411e8e1d4b3dec5cbff53bc6c4aea
SHA512: 795d694870abd7b11f64a6a9582fc9dc354b1a0abba36512ba527e9564072ebb3b0a0a5c201fd225efe4fe8746d6c93f89a1fc4af3466adc1633e229c0c0d7f1

File size: 4KB
MD5: eecbf710af2dc6d49456976b95d8e0f4
SHA1: d971ec41167a5fa755d102f961288732e8009a20
SHA256: de173e82fff6e4504c5f334f0d916549495eb01f299ac2a497b3d53f44dcda9a
SHA512: f1a4dd7aef8e748c02ccb030396ad1c4299d4c5d58536a5fdc4a742259dd26e93843279a3060e0b9fe2ba2f55ec83d3a8931dfcbc02ef063008b13cf0ca77ae3

File size: 5KB
MD5: a8356c61c35038ed33b8ba9e224cb959
SHA1: 0b78ccdc6fcc50a47db15caa09df5b581bf89bab
SHA256: 2e3742ca638cea0055908868a613122cb5cabc0a9bf7d874b575786423f75f38
SHA512: 2f0ba97db4b2dde36176167f8b4bd9a979a9d957af52ec746506efb66edaba03d00756d08ce60037f20e82ed83b5ce3e8d3a33b2218785c63a3293fc99b9a85f

Path: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
File size: 16B
MD5: 18e723571b00fb1694a3bad6c78e4054
SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

File size: 264KB
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

File size: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

File size: 171KB
MD5: 9c0c641c06238516f27941aa1166d427
SHA1: 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256: 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512: 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06