Analysis
max time kernel
1799s
max time network
1696s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags
arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
submitted
05/03/2024, 01:28
Static task
static1
Behavioral task
behavioral1
Sample
CC-NIGHT-main.zip
Resource
win10-20240221-en
Behavioral task
behavioral2
Sample
CC-NIGHT-main.zip
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
CC-NIGHT-main/Readme
Resource
win10-20240221-en
Behavioral task
behavioral4
Sample
CC-NIGHT-main/Readme
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
CC-NIGHT-main/ipbooter.webp
Resource
win10-20240221-en
Behavioral task
behavioral6
Sample
CC-NIGHT-main/ipbooter.webp
Resource
win10v2004-20240226-en
General
-
Target
CC-NIGHT-main/ipbooter.webp
-
Size
15KB
-
MD5
0d3a98a9bc6778a7c5fd2078b79fd208
-
SHA1
4f49b43884b5e040404fe523c963f470af9b1621
-
SHA256
9e485573b15b4b49303ccc0b1c01e6fc4bf2a58d73916fbff1559ed450986b53
-
SHA512
e3a03b145faa789648f4a66543091bf7fb6e4450862d104c076c60824fee0a8606a9f785627500ef914c3f14f674c0ab6f8d61b185031079fa8fe8be996672fe
-
SSDEEP
384:duTC7qBTbyNAm4aj8ZzxLcWWE+xGFpBba6nR5YLn2:ATfDZxLc9E+xsr9
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
-
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133540757740318260" | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
pid | Process
3772 | chrome.exe
3772 | chrome.exe
3772 | chrome.exe
3636 | chrome.exe
3636 | chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid | Process
3772 | chrome.exe
3772 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 3772 | chrome.exe
Token: SeCreatePagefilePrivilege | 3772 | chrome.exe
(the pair above is repeated 32 times: 64 entries in total, all from PID 3772 chrome.exe)
-
Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
3772 | chrome.exe
(26 identical entries for PID 3772 chrome.exe)
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
3772 | chrome.exe
(24 identical entries for PID 3772 chrome.exe)
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 3884 wrote to memory of 3772 | 3884 | cmd.exe | 74
PID 3884 wrote to memory of 3772 | 3884 | cmd.exe | 74
PID 3772 wrote to memory of 1428 | 3772 | chrome.exe | 76
PID 3772 wrote to memory of 1428 | 3772 | chrome.exe | 76
PID 3772 wrote to memory of 3160 | 3772 | chrome.exe | 78
PID 3772 wrote to memory of 304 | 3772 | chrome.exe | 79
PID 3772 wrote to memory of 304 | 3772 | chrome.exe | 79
PID 3772 wrote to memory of 4236 | 3772 | chrome.exe | 80
(64 entries in total; the writes from 3772 to 3160 and to 4236 are each repeated many times and together account for the remaining 58 entries)
Processes
-
C:\Windows\system32\cmd.exe (level 1, PID:3884)
  cmd /c C:\Users\Admin\AppData\Local\Temp\CC-NIGHT-main\ipbooter.webp
  - Suspicious use of WriteProcessMemory
C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID:3772)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\CC-NIGHT-main\ipbooter.webp
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID:1428)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd66f79758,0x7ffd66f79768,0x7ffd66f79778
C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID:3160)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1784,i,2360348737132561551,2101834904397495917,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID:304)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1784,i,2360348737132561551,2101834904397495917,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID:4236)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1716 --field-trial-handle=1784,i,2360348737132561551,2101834904397495917,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID:4568)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1784,i,2360348737132561551,2101834904397495917,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID:716)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1784,i,2360348737132561551,2101834904397495917,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID:4160)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1784,i,2360348737132561551,2101834904397495917,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID:3448)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1784,i,2360348737132561551,2101834904397495917,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe (level 3, PID:3636)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 --field-trial-handle=1784,i,2360348737132561551,2101834904397495917,131072 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (level 1, PID:196)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2160dc04-3a4e-4654-ab2a-ba73cc2f6cfb.tmp
Filesize
5KB
MD5
e0ad17ced742b61d552d3efd91183c5e
SHA1
c10b36fc095531fab48adba38e0ac8f02ea9f9dd
SHA256
9797efd877e5599b0191b50b2ca8782938c0dbc4aa97e421b7e8b5e85a6d7469
SHA512
09b21f2cbe5c85c72b7e87bc83586813b8d49d2241f557f8f0444849a5f0d8359630aa0b7d9458ace8008469ecafb132da669316b8d663d8ce742662c30acaa0
-
Filesize
5KB
MD5
3c55e62a721f6f42da7da5a4b5df31a7
SHA1
82bdbf1651927b177c461602ac570bf316939da2
SHA256
4ee19e7af3211884aa57ab22bb338ab9180f9ba9c559f6afdf4800b48df55eb0
SHA512
107fb49bea78aa551b1a7b0255417beef94d4230b08f39a92fceceea6de03e7066c61075f2738ed73997016e997e9d43860ec48ab2fb9a074af424d0fb290753
-
Filesize
5KB
MD5
4885d188c63904a161816ed3d860a079
SHA1
14dfcb5d9f830f996e8a60de1443eac56c6a0437
SHA256
76aa62e8e80098744028df8894b9974b055db72780752a0d700cd30358b87627
SHA512
3c6d060db8a3a15cc459ab47efe51e4dcecd18de9e6a3bd0ed68e714cc988c3a53f42de4a7dce8181f94092ce3e653f21d6535a7800bb8dcac56c2ca7514dc60
-
Filesize
255KB
MD5
0517dc2a3b8f6d467a5fba3caaeccdab
SHA1
1474b2670f93c271da2a16cbeae0d8d6843e7d21
SHA256
ed21a7c333205b6857f6d7cd768a041c098e6c80f5bb2d592678cedcbfd17077
SHA512
dd9d11d6b8c196143ffcdc579a1e107d11f0fc4345255dcd49fa672bb3bfd6c4c2580fc5cebd4a0c84c893f35899c4b7da85c66cf863bdda0bcb0cd18f06790c
-
Filesize
2B
MD5
99914b932bd37a50b983c5e7c90ae93b
SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd