Analysis
- max time kernel: 300s
- max time network: 286s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/02/2024, 21:39
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://github.com/yaron4u/EnigmaCracker
- Resource: win10v2004-20231222-en

General
- Target: https://github.com/yaron4u/EnigmaCracker

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528523680842453" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 1612 chrome.exe
- PID 1612 chrome.exe
- PID 3788 chrome.exe
- PID 3788 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- PID 1612 chrome.exe
- PID 1612 chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1612)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/yaron4u/EnigmaCracker
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - chrome.exe (PID 1736)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdde279758,0x7ffdde279768,0x7ffdde279778
  - chrome.exe (PID 3512)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1872,i,11248556932023374318,3361271570508297718,131072 /prefetch:2
  - chrome.exe (PID 3436)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1872,i,11248556932023374318,3361271570508297718,131072 /prefetch:8
  - chrome.exe (PID 2560)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1872,i,11248556932023374318,3361271570508297718,131072 /prefetch:8
  - chrome.exe (PID 2308)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1872,i,11248556932023374318,3361271570508297718,131072 /prefetch:1
  - chrome.exe (PID 628)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1872,i,11248556932023374318,3361271570508297718,131072 /prefetch:1
  - chrome.exe (PID 2012)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1872,i,11248556932023374318,3361271570508297718,131072 /prefetch:8
  - chrome.exe (PID 4616)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1872,i,11248556932023374318,3361271570508297718,131072 /prefetch:8
  - chrome.exe (PID 3788)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2720 --field-trial-handle=1872,i,11248556932023374318,3361271570508297718,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 3460)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads