Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://rebrand.ly/O...

windows10-2004-x64

1

Resubmissions

29/01/2024, 10:28

240129-mhx3jahbhk 1

29/01/2024, 10:15

240129-majvyahaap 1

Analysis

  • max time kernel
    299s
  • max time network
    272s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/01/2024, 10:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://rebrand.ly/Orden2024

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeac309758,0x7ffeac309768,0x7ffeac309778
    1⤵
      PID:2512
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://rebrand.ly/Orden2024
      1⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4208
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1904,i,16426802835358547565,9989185916637253852,131072 /prefetch:8
        2⤵
          PID:3548
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1904,i,16426802835358547565,9989185916637253852,131072 /prefetch:1
          2⤵
            PID:3588
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1904,i,16426802835358547565,9989185916637253852,131072 /prefetch:1
            2⤵
              PID:3344
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1904,i,16426802835358547565,9989185916637253852,131072 /prefetch:8
              2⤵
                PID:3492
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1904,i,16426802835358547565,9989185916637253852,131072 /prefetch:2
                2⤵
                  PID:3136
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1904,i,16426802835358547565,9989185916637253852,131072 /prefetch:8
                  2⤵
                    PID:4824
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1904,i,16426802835358547565,9989185916637253852,131072 /prefetch:8
                    2⤵
                      PID:952
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 --field-trial-handle=1904,i,16426802835358547565,9989185916637253852,131072 /prefetch:8
                      2⤵
                        PID:1944
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4764 --field-trial-handle=1904,i,16426802835358547565,9989185916637253852,131072 /prefetch:2
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3116
                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                      1⤵
                        PID:1676
                      • C:\Windows\System32\rundll32.exe
                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                        1⤵
                          PID:2408
                        • C:\Windows\SysWOW64\mshta.exe
                          "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\3A89246FB90C5EE6620004F1AE0EB0EA188694\3A89246FB90C5EE6620004F1AE0EB0EA6365325222976.HTA" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                          1⤵
                            PID:2080
                          • C:\Windows\system32\OpenWith.exe
                            C:\Windows\system32\OpenWith.exe -Embedding
                            1⤵
                            • Modifies registry class
                            • Suspicious use of SetWindowsHookEx
                            PID:1700
                            • C:\Windows\system32\NOTEPAD.EXE
                              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\3A89246FB90C5EE6620004F1AE0EB0EA188694\_
                              2⤵
                                PID:1060
                            • C:\Windows\SysWOW64\werfault.exe
                              werfault.exe /h /shared Global\8d16930dd1bd455baf7ef488c4a34d98 /t 688 /p 2080
                              1⤵
                                PID:5004
                              • C:\Windows\SysWOW64\mshta.exe
                                "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\3A89246FB90C5EE6620004F1AE0EB0EA188694\3A89246FB90C5EE6620004F1AE0EB0EA6365325222976.HTA" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                1⤵
                                  PID:4132
                                • C:\Program Files\7-Zip\7zG.exe
                                  "C:\Program Files\7-Zip\7zG.exe" a -i#7zMap19146:130:7zEvent14910 -ad -saa -- "C:\Users\Admin\Downloads\3A89246FB90C5EE6620004F1AE0EB0EA188694"
                                  1⤵
                                  • Suspicious use of FindShellTrayWindow
                                  PID:1976
                                • C:\Windows\SysWOW64\werfault.exe
                                  werfault.exe /h /shared Global\2d7fb1f72d2f49f69f892d9cec24d774 /t 4572 /p 4132
                                  1⤵
                                    PID:1936

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                    Filesize

                                    1KB

                                    MD5

                                    c7064969212077f95d1ae427931c1e14

                                    SHA1

                                    aaa45602159ca78a50bc8b76ca91d75b88b2b7ea

                                    SHA256

                                    4d3a64bda96e4556232e30dadfe2a02cc532746255e8fbba0f003fb0fce48dc7

                                    SHA512

                                    29a00caed7702895dd5ef3ba7e04ee10b2235480a989a30d8382c62fee9e7ec06857f8ff93b88f1fabe0c50bb552a2867f01b4459f5a2058c8a7332ddbc569f3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                    Filesize

                                    957B

                                    MD5

                                    1d867b2663dc06d98fe38760de8eda48

                                    SHA1

                                    60910004c72a4b1a77d06bca22db418b3263addd

                                    SHA256

                                    8b49ec17683996b84d7c35dcc8b9d4156e278a738310b82fd7ea99cb4f39e5c2

                                    SHA512

                                    8dadc69166356944cdd56ddeb415a1599d0900583e5f7bda0222803919debd170affcf4d8a88f59143439c18086672ce1e70bd8a452f066116b2dadb208b99d7

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                    Filesize

                                    539B

                                    MD5

                                    a059dac0cb78f98804a7fba6bb1bc9cf

                                    SHA1

                                    b1c3dea18e6d06850596eff4a2b5f59547665f83

                                    SHA256

                                    b4ee8ba7c5a0d5c7af256aecdf473a38a96cc36adbe585adbf49360222556d5c

                                    SHA512

                                    c01b1bd73f63da2e104a90a13e3000ca8996a247497850c482a927b79f04fdb8ea34afe7915a923061b75b3e803e1d135f6740df9dd2c491c2f5d8600238393c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    b36696c96831f9315ae84ce41aa23d17

                                    SHA1

                                    161d2e94ce5da8d1ad448ac75a8931ca967bebe7

                                    SHA256

                                    dc672fb9eff2429a423ca5b132106acbd467451a8603b1392f74f48162956744

                                    SHA512

                                    ce1995138331772dae4e86e184db410930167a63f83a2602703c1631e9e43e69ef1a74460f27b759edb370efba55011acb5111e0a1f673f5d31bf225ab7db4c3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                    Filesize

                                    114KB

                                    MD5

                                    4aeee16f1bde4c6d83bbfe18e3531b70

                                    SHA1

                                    0c268d9f35caed83a5fa8095cb15b0fed294adff

                                    SHA256

                                    2138c1e5779775492cb0b2b5d0b20fa49e14f7f9c3725bc7bff68df60098db5c

                                    SHA512

                                    fd143cd069f6207ff3eeee8e0e79d735a28c7a5ce17e1b350ba5066ceede2719a2912868fa73a936d3bc4cf7a32fc088795f7d4407118c7747629635e032ae7f

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
                                    Filesize

                                    2B

                                    MD5

                                    99914b932bd37a50b983c5e7c90ae93b

                                    SHA1

                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                    SHA256

                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                    SHA512

                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                    Download Submit

                                  • C:\Users\Admin\Downloads\3A89246FB90C5EE6620004F1AE0EB0EA188694.zip.crdownload
                                    Filesize

                                    131KB

                                    MD5

                                    939ba548cba946fac883799e6a49c955

                                    SHA1

                                    93df7d557c2f86c6440ed41f30851e166f48c043

                                    SHA256

                                    b85a2d7eadbc872f0102569916c80dc25ee0fea97b5371760e4c4cc1cc5ba9cd

                                    SHA512

                                    6dd082360c1194156b8ba5609e14fcf79ecb40a5f9b0b1461fae70bcddb4d66efab2c84db1bfc2e57e3957e5c7458eab93cc6219284488e85747b13ebc911e2f

                                    Download Submit