Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel:  40s
max time network: 146s
platform:         windows7_x64
resource:         win7-20231215-en
resource tags:    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted:        18/01/2024, 00:36
Static task:     static1
URLScan task:    urlscan1
Behavioral task: behavioral1
  Sample:   https://www.dropbox.com/l/AADQ4_L-At7J1Nd1nhAb8OSImKHySEFBDLo/report_abuse
  Resource: win7-20231215-en (the run reported on this page)
Behavioral task: behavioral2
  Sample:   https://www.dropbox.com/l/AADQ4_L-At7J1Nd1nhAb8OSImKHySEFBDLo/report_abuse
  Resource: win10v2004-20231215-en
General
Target: https://www.dropbox.com/l/AADQ4_L-At7J1Nd1nhAb8OSImKHySEFBDLo/report_abuse
Malware Config
Signatures

- Legitimate hosting services abused for malware hosting/C2 (1 TTP)
  Fires on the target URL itself: www.dropbox.com is a legitimate file-hosting service. No hosted payload is identified anywhere in this report, so on its own this is a prompt to inspect the link, not evidence of malware.

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe
  SystemManufacturer and SystemProductName are the usual keys a sample reads to fingerprint the hardware or detect a virtual machine; here the reader is chrome.exe, the browser the sandbox launched to open the URL.

- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 2264, chrome.exe (2 entries)

- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token: SeShutdownPrivilege, pid 2264, chrome.exe (64 identical entries)

- Suspicious use of FindShellTrayWindow (34 IoCs)
  pid 2264, chrome.exe (34 identical entries)

- Suspicious use of SendNotifyMessage (32 IoCs)
  pid 2264, chrome.exe (32 identical entries)

- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries have pid 2264 (chrome.exe) as the writer; grouped by target:
  target PID 2536 (procid_target 28): 3 entries
  target PID 2400 (procid_target 31): 3 entries
  target PID 2992 (procid_target 30) and target PID 2932 (procid_target 32): the remaining 58 entries
  Every target is a chrome.exe helper spawned by 2264 (2536 is the crashpad handler, 2992 the GPU process, 2400 the network service and 2932 the storage service in the Processes section below), so these writes are Chrome initialising its own child processes, not injection into a foreign process.

Reading the signature set as a whole: every behavioral signature is attributed to PID 2264, the chrome.exe instance the sandbox started (its command line carries the analysis flags --disable-background-networking and --simulate-outdated-no-au). No process outside Chrome's own binaries appears, the Malware Config section is empty, and nothing under Downloads is identified as an executable. On the basis of this run the URL is unverified rather than confirmed malicious.
Processes
(indentation follows the parent/child nesting in the report; every chrome.exe helper below is a child of PID 2264)

PID 2264  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/l/AADQ4_L-At7J1Nd1nhAb8OSImKHySEFBDLo/report_abuse
          signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 2536  crashpad-handler
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7099758,0x7fef7099768,0x7fef7099778

  PID 2992  gpu-process
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1216,i,17403533122302178646,3287835929484860320,131072 /prefetch:2

  PID 2400  utility: network.mojom.NetworkService (service-sandbox-type=none)
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1216,i,17403533122302178646,3287835929484860320,131072 /prefetch:8

  PID 2932  utility: storage.mojom.StorageService (service-sandbox-type=utility)
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1216,i,17403533122302178646,3287835929484860320,131072 /prefetch:8

  PID 1316  renderer (client id 5)
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1216,i,17403533122302178646,3287835929484860320,131072 /prefetch:1

  PID 2416  renderer (client id 6, first renderer process)
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1216,i,17403533122302178646,3287835929484860320,131072 /prefetch:1

  PID 1504  gpu-process (software GL via SwiftShader)
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2808 --field-trial-handle=1216,i,17403533122302178646,3287835929484860320,131072 /prefetch:2

  PID 868   utility: chrome.mojom.UtilWin (service-sandbox-type=none)
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 --field-trial-handle=1216,i,17403533122302178646,3287835929484860320,131072 /prefetch:8

PID 2956  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
          (Chrome's own elevation service, started as a separate top-level process)
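The WriteProcessMemory signature above lists 64 rows that all collapse to one writer and four targets, every one of them a helper the browser spawned itself. The script below is an added example, not tria.ge code or output: it parses rows in the report's "PID X wrote to memory of Y" shape, folds duplicates, and classifies each edge by checking the target against a process list. The six chrome.exe rows and the PID-to-role map are taken from this report; the dropper.exe/explorer.exe rows, PIDs 4242, 1234 and 7777, are constructed hypotheticals included only to exercise the cross-process and unknown-target branches.

```python
import re
from collections import Counter

# Constructed sample input. The first six rows are the distinct (writer, target)
# pairs from the report's "Suspicious use of WriteProcessMemory" table; the last
# two are HYPOTHETICAL rows added only to exercise the non-benign branches.
WRITE_ROWS = """\
PID 2264 wrote to memory of 2536 2264 chrome.exe 28
PID 2264 wrote to memory of 2536 2264 chrome.exe 28
PID 2264 wrote to memory of 2536 2264 chrome.exe 28
PID 2264 wrote to memory of 2992 2264 chrome.exe 30
PID 2264 wrote to memory of 2400 2264 chrome.exe 31
PID 2264 wrote to memory of 2932 2264 chrome.exe 32
PID 4242 wrote to memory of 1234 4242 dropper.exe 40
PID 4242 wrote to memory of 7777 4242 dropper.exe 41
"""

# pid -> (parent pid, image, role). The chrome.exe / elevation_service.exe
# entries are read off the report's Processes section; 4242 and 1234 are
# hypothetical (a dropper and explorer.exe), and 7777 is deliberately absent.
PROCESSES = {
    2264: (None, "chrome.exe", "browser"),
    2536: (2264, "chrome.exe", "crashpad-handler"),
    2992: (2264, "chrome.exe", "gpu-process"),
    2400: (2264, "chrome.exe", "utility:network.mojom.NetworkService"),
    2932: (2264, "chrome.exe", "utility:storage.mojom.StorageService"),
    1316: (2264, "chrome.exe", "renderer"),
    2416: (2264, "chrome.exe", "renderer"),
    1504: (2264, "chrome.exe", "gpu-process"),
    868: (2264, "chrome.exe", "utility:chrome.mojom.UtilWin"),
    2956: (None, "elevation_service.exe", "elevation-service"),
    4242: (None, "dropper.exe", "hypothetical"),
    1234: (None, "explorer.exe", "hypothetical"),
}

# description column, then pid, Process and procid_target as on the page
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+$")


def parse_rows(text):
    """Yield (writer_pid, target_pid, writer_image) from triage-style rows."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            yield int(m.group(1)), int(m.group(2)), m.group(3)


def classify(writer, target, procs):
    """Label one WriteProcessMemory edge.

    self-spawned-child : target was spawned by writer and runs the same image
                         (a multi-process app bootstrapping its own helpers)
    cross-process      : target exists but is not the writer's own child, or
                         runs a different image; this is the injection shape
    unknown-target     : target PID never appeared in the process list
    """
    if target not in procs:
        return "unknown-target"
    ppid, image, _ = procs[target]
    writer_image = procs.get(writer, (None, None, None))[1]
    if ppid == writer and image == writer_image:
        return "self-spawned-child"
    return "cross-process"


def triage(text, procs):
    """Collapse repeated rows into (writer, target) -> (count, verdict, role)."""
    counts = Counter((w, t) for w, t, _ in parse_rows(text))
    out = {}
    for (w, t), n in counts.items():
        role = procs.get(t, (None, None, "?"))[2]
        out[(w, t)] = (n, classify(w, t, procs), role)
    return out


def suspicious_edges(text, procs):
    """Return only the edges an analyst still has to look at, sorted."""
    return sorted(k for k, v in triage(text, procs).items()
                  if v[1] != "self-spawned-child")


if __name__ == "__main__":
    for (w, t), (n, verdict, role) in sorted(triage(WRITE_ROWS, PROCESSES).items()):
        print(f"{w} -> {t:<5} x{n:<3} {verdict:<20} {role}")
```

Run as-is it prints one line per distinct edge; the four chrome.exe edges come back as self-spawned-child and only the two hypothetical dropper.exe edges survive suspicious_edges(). The same child-of-writer test applied to a real report is what separates a browser, Office or Electron app wiring up its helpers from a process writing into something it did not create.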
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 264KB
MD5:    f50f89a0a91564d0b8a211f8921aa7de
SHA1:   112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.dropbox.com_0.indexeddb.leveldb\CURRENT~RFf765419.TMP
Filesize: 16B
MD5:    46295cac801e5d4857d09837238a6394
SHA1:   44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 853B
MD5:    1bd328911e16557f494bcce77303ae31
SHA1:   87cd767b33b7b3d0e0d42039b3224d6500311c58
SHA256: d663a65b248dcaf426bc88adf5c8bf43b8ec7307a4bb26d12730c15d24f25126
SHA512: 3c5d5b1c5b82196ada1c4c4b7d5aab7823ea44eb89e5ab4a72bf7a555be3c3d3b08a5b5d52530f9e792dcbcfcf29140f8e087408f37035795ce5c62db8c6517a

Filesize: 853B
MD5:    0d3aabb43d1289c929a88782294aed57
SHA1:   570a44b5ff0568a3f9f6519e8b4bb15f5b682b58
SHA256: e756abdbd93f0a96432ead2aed484ae3b75a1e72d1cfab069514fd6191e23ff5
SHA512: 918e607aabe9697e058d3a067ef8bec0e0df176699d78ed59975b227cdb0869f9199a56e500c81eefb72bc6c5bc50bd4cfe430360d06b49cb366831bbf12b7ba

Filesize: 853B
MD5:    40429dd4f3f34d418e3f0a1ff485d68e
SHA1:   c68e8fe68f08405b0b890003e9f0d6e06047676e
SHA256: 6ec0c11cdc1d9c5f3a36583cb7de5b63a03687a5719cac8e7b9f7aa8d0e118b8
SHA512: 28a8e0a4cc8af0ee440fd424f52e0ce211d79664b90183e0e5d7899fdccbbf0c29c67622fbf205bef5322799fb5e5f96e9908c26ceebde876acb5a2de6e9c152

Filesize: 853B
MD5:    c088d463bfc6451d9b675e67d9256610
SHA1:   35266f2288854d83621212b3528f7768e9311b49
SHA256: 91a6ec89ddbecd80e7d8a23eaf1d070eec6d244ecdf9bbb4e4f17eb5d17bb8ea
SHA512: 2461e051c4e084aaf9ac1b4afc16d63ae7968eea907c483124c8344c5c9da4a45315b8fbece93922a5d1313ca6d93da9d76b5da4f3a760271617fc5b72d3a221

Filesize: 5KB
MD5:    a6f9f8b1d10b08b318c9ef3860981a34
SHA1:   b1316bdcf0209b72d27fb473e9d174d645dfb680
SHA256: 9d3170205aea4c45fe05cbfb041071a9ae4ffe4047b1dbf5a3f546e79f223662
SHA512: 6464c00d72ad46bfc4b1a28da7b6ca894bbabd31b259c8b3b39b8630bd3506cc2f1189103be7e11748d02d50482fffbefc250636c9a40f8bec5cca8bacc9f7c8

Filesize: 5KB
MD5:    83631471ea8758aa0c2dbfe8b40d59fe
SHA1:   371985ad856885d2f00c4932902b761cfa4568cd
SHA256: dad8f9836452dd63e1b61e41accfbf4990fcc4bc89d998c1c3d13f723cb46739
SHA512: 747aa2452158c7dc7d97135e7c32337d4172fd3d159b78dbfb29cd2ba64d02b2de89a9e999b1b75770da33e5855f27565d5badd2342ea16f72b908db350ef248

Filesize: 16B
MD5:    18e723571b00fb1694a3bad6c78e4054
SHA1:   afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2