Analysis
max time kernel: 30s
max time network: 31s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 15/03/2024, 13:49
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.kryptex.com/download?source=landing_v5
Resource: win11-20240221-en
General
Target: https://www.kryptex.com/download?source=landing_v5
Malware Config
Signatures
- Downloads MZ/PE file
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Modifies data under HKEY_USERS (2 IoCs)
  Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133549842324581330" (chrome.exe)
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- NTFS ADS (1 IoC)
  File opened for modification: C:\Users\Admin\Downloads\kryptex-setup-4.39.2.exe:Zone.Identifier (chrome.exe)
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 2080 chrome.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid 2080 chrome.exe (2 entries)
- Suspicious use of AdjustPrivilegeToken (58 IoCs)
  Token: SeShutdownPrivilege, pid 2080 chrome.exe
  Token: SeCreatePagefilePrivilege, pid 2080 chrome.exe
  (58 entries alternating between these two tokens, all from pid 2080 chrome.exe)
- Suspicious use of FindShellTrayWindow (62 IoCs)
  pid 2080 chrome.exe (62 entries)
- Suspicious use of SendNotifyMessage (12 IoCs)
  pid 2080 chrome.exe (12 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  PID 2080 (chrome.exe) wrote to memory of PID 564, procid_target 80
  PID 2080 (chrome.exe) wrote to memory of PID 3580, procid_target 83
  PID 2080 (chrome.exe) wrote to memory of PID 2524, procid_target 84
  PID 2080 (chrome.exe) wrote to memory of PID 3668, procid_target 85
  (64 entries in total; each target PID appears repeatedly)
Processes
- [PID 2080] C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.kryptex.com/download?source=landing_v5
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - [PID 564] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc35299758,0x7ffc35299768,0x7ffc35299778
  - [PID 3580] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=312 --field-trial-handle=1824,i,2486254438865827932,11321602782981428208,131072 /prefetch:2
  - [PID 2524] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1824,i,2486254438865827932,11321602782981428208,131072 /prefetch:8
  - [PID 3668] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1824,i,2486254438865827932,11321602782981428208,131072 /prefetch:8
  - [PID 3096] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1824,i,2486254438865827932,11321602782981428208,131072 /prefetch:1
  - [PID 1348] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1824,i,2486254438865827932,11321602782981428208,131072 /prefetch:1
  - [PID 4484] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5196 --field-trial-handle=1824,i,2486254438865827932,11321602782981428208,131072 /prefetch:8
  - [PID 1268] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5228 --field-trial-handle=1824,i,2486254438865827932,11321602782981428208,131072 /prefetch:8
  - [PID 1020] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 --field-trial-handle=1824,i,2486254438865827932,11321602782981428208,131072 /prefetch:8
  - [PID 2952] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 --field-trial-handle=1824,i,2486254438865827932,11321602782981428208,131072 /prefetch:8
  - [PID 4260] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 --field-trial-handle=1824,i,2486254438865827932,11321602782981428208,131072 /prefetch:8
    - NTFS ADS
  - [PID 4580] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5688 --field-trial-handle=1824,i,2486254438865827932,11321602782981428208,131072 /prefetch:8
  - [PID 3432] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6136 --field-trial-handle=1824,i,2486254438865827932,11321602782981428208,131072 /prefetch:8
  - [PID 4152] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 --field-trial-handle=1824,i,2486254438865827932,11321602782981428208,131072 /prefetch:8
- [PID 4840] C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 538B
  MD5: 9b367d8958dfd5e2984b32b469f98433
  SHA1: 7e5283cf2da693e12c327c4d2c9fd736276367f1
  SHA256: 3be77c6b920a72190dc7e2895329e994574df54b0f7b9106c19ee99ce0771005
  SHA512: 36847911d2e4e4a74f0bc1aaecf1bc5435e387b3a56153b7d9120cadc583c35302188b327ea587ada164ef970dfb876e7bc6d731bf41c879b8fb63b393d0c655
- Filesize: 6KB
  MD5: 00af91833ccbfdda766ea53ab8eafba7
  SHA1: 7d98f8374fc4bd0b12516f95abcb7de350bc3d75
  SHA256: 1e3e539265ca6d5a1e81b5f59a7bfda18c759b7e30285b29da6dbc24bdfa3dc7
  SHA512: 00fd893bfe7035ca476149230b470c8f98ccbab28c7da670b040a7099f00b8e07c6d030b972c7df7d7416bb1663eb3da26f5a2657f12a74e356bb462d10ff54a
- Filesize: 6KB
  MD5: 459d2c26db00bfc4f797bbf25e355e12
  SHA1: 18d22fb70e34ecdd28fb25228032aefa5c30da6f
  SHA256: 16c94f68123d701cb82c2647b54ae96a7150193da486a83e1acf55b1b376fec7
  SHA512: ec97d7b266086171d67f81bc6652455af108b2caa0fb12042762734bb34ef28e11c7d6b084d58b0242a935f4a9d2cf2d34aed48f6d7f6ec18ab87be689272f03
- Filesize: 130KB
  MD5: a9507ef9c2b6926ae8487202e4ba41af
  SHA1: 5d78c1afe60083bed96b8374256046ceae0c2d95
  SHA256: ab7c5567134d414a3aa66493dad41803db42e16d4734378269d7502897003b0b
  SHA512: cc0f757a5115a3397ae78008a0047b61f59195d484680a4455862539527aee1774d3523c67398def8d37ad2a009aa8d5ab7d122a26c9df4c2b9ede8cfa242d11
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
- Filesize: 25.2MB
  MD5: 096d0826f42b93ea91ec520639caa858
  SHA1: 2042794729c0f341b655fb1dd226f6c8e5729e6d
  SHA256: f8838a3b16a61116021a4da38202c8b649cea357c01e2da5a90126427de1f110
  SHA512: 2f80cc975a08e3ef139dac22cba27c82f1369794b6ca3d5bf8a074bcf957e9b10b81403ef4762dbc039886faa2471c2845f048f7af29160757e4b71f08366b58
- Filesize: 26B
  MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
  SHA1: d59fc84cdd5217c6cf74785703655f78da6b582b
  SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
  SHA512: aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98