Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 58s
max time network: 133s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 28/02/2024, 15:13
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/pankoza2-pl/JSON.exe-Malware
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: https://github.com/pankoza2-pl/JSON.exe-Malware
Resource: win11-20240221-en
General
Target: https://github.com/pankoza2-pl/JSON.exe-Malware
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (Process: chrome.exe)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (Process: chrome.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (Process: chrome.exe)
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid 2192, Process chrome.exe (2 identical entries)
Suspicious use of AdjustPrivilegeToken 64 IoCs
Token: SeShutdownPrivilege, pid 2192, Process chrome.exe (64 identical entries)
Suspicious use of FindShellTrayWindow 34 IoCs
pid 2192, Process chrome.exe (34 identical entries)
Suspicious use of SendNotifyMessage 32 IoCs
pid 2192, Process chrome.exe (32 identical entries)
Suspicious use of WriteProcessMemory 64 IoCs
Distinct entries (repeated identical entries collapsed; 64 IoCs in total):
PID 2192 wrote to memory of 2988 (pid 2192, Process chrome.exe, procid_target 16)
PID 2192 wrote to memory of 1964 (pid 2192, Process chrome.exe, procid_target 30)
PID 2192 wrote to memory of 2512 (pid 2192, Process chrome.exe, procid_target 31)
PID 2192 wrote to memory of 2576 (pid 2192, Process chrome.exe, procid_target 32)
Note: the target PIDs 2988, 1964, 2512 and 2576 are the chrome.exe child processes (crashpad handler, GPU process, network service and storage service) listed under Processes below.
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2192)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/JSON.exe-Malware
Signatures:
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
Child processes of PID 2192:
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2988)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7849758,0x7fef7849768,0x7fef7849778
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1964)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1240,i,13669151632099041834,7416563922000862386,131072 /prefetch:2
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2512)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1240,i,13669151632099041834,7416563922000862386,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2576)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1240,i,13669151632099041834,7416563922000862386,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 312)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2140 --field-trial-handle=1240,i,13669151632099041834,7416563922000862386,131072 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2968)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1488 --field-trial-handle=1240,i,13669151632099041834,7416563922000862386,131072 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3060)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1436 --field-trial-handle=1240,i,13669151632099041834,7416563922000862386,131072 /prefetch:2
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1196)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 --field-trial-handle=1240,i,13669151632099041834,7416563922000862386,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1668)
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads