Analysis
max time kernel: 600s
max time network: 486s
platform: windows10-2004_x64
resource: win10v2004-20240226-es
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-es, locale:es-es, os:windows10-2004-x64, system, windows
submitted: 06/03/2024, 12:38
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/Dfmaaa/MEMZ-virus
Resource: win10v2004-20240226-es

General
Target: https://github.com/Dfmaaa/MEMZ-virus

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                      process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133542023725127302"  chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   process
  3996  chrome.exe
  3996  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid   process
  3996  chrome.exe
  3996  chrome.exe
  3996  chrome.exe
  3996  chrome.exe
  3996  chrome.exe
Suspicious use of AdjustPrivilegeToken (52 IoCs)
Suspicious use of FindShellTrayWindow (27 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

chrome.exe (PID 3996)
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Dfmaaa/MEMZ-virus
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  chrome.exe (PID 4748, child of 3996)
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4cf79758,0x7ffc4cf79768,0x7ffc4cf79778

  chrome.exe (PID 1684, child of 3996)
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1964,i,1893012536142766549,11318933601958042232,131072 /prefetch:2

  chrome.exe (PID 3956, child of 3996)
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1964,i,1893012536142766549,11318933601958042232,131072 /prefetch:8

  chrome.exe (PID 4616, child of 3996)
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1964,i,1893012536142766549,11318933601958042232,131072 /prefetch:8

  chrome.exe (PID 2716, child of 3996)
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1964,i,1893012536142766549,11318933601958042232,131072 /prefetch:1

  chrome.exe (PID 4628, child of 3996)
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1964,i,1893012536142766549,11318933601958042232,131072 /prefetch:1

  chrome.exe (PID 2156, child of 3996)
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3936 --field-trial-handle=1964,i,1893012536142766549,11318933601958042232,131072 /prefetch:1

  chrome.exe (PID 1308, child of 3996)
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3420 --field-trial-handle=1964,i,1893012536142766549,11318933601958042232,131072 /prefetch:1

  chrome.exe (PID 5112, child of 3996)
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1964,i,1893012536142766549,11318933601958042232,131072 /prefetch:8

  chrome.exe (PID 3196, child of 3996)
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4680 --field-trial-handle=1964,i,1893012536142766549,11318933601958042232,131072 /prefetch:1

  chrome.exe (PID 4100, child of 3996)
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 --field-trial-handle=1964,i,1893012536142766549,11318933601958042232,131072 /prefetch:8

elevation_service.exe (PID 3440)
  Path: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads