Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
3dotNET_Rea...t.html
windows11-21h2-x64
1dotNET_Rea...LP.exe
windows11-21h2-x64
4dotNET_Rea...C3.dll
windows11-21h2-x64
3dotNET_Rea...in.dll
windows11-21h2-x64
1dotNET_Rea...in.dll
windows11-21h2-x64
1dotNET_Rea...ge.dll
windows11-21h2-x64
1dotNET_Rea...ge.dll
windows11-21h2-x64
1dotNET_Rea...ge.dll
windows11-21h2-x64
1dotNET_Rea...ge.dll
windows11-21h2-x64
1dotNET_Rea...in.dll
windows11-21h2-x64
1dotNET_Rea...cc.dll
windows11-21h2-x64
1dotNET_Rea...le.exe
windows11-21h2-x64
10dotNET_Rea...or.exe
windows11-21h2-x64
10dotNET_Rea...64.dll
windows11-21h2-x64
1dotNET_Rea...86.dll
windows11-21h2-x64
3Analysis
-
max time kernel
145s -
max time network
150s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system -
submitted
19/04/2024, 14:52
Static task
static1
Behavioral task
behavioral1
Sample
dotNET_Reactor/Help/License Agreement.html
Resource
win11-20240412-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
dotNET_Reactor/Help/REACTOR_HELP.exe
Resource
win11-20240412-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
dotNET_Reactor/NCC3.dll
Resource
win11-20240412-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
dotNET_Reactor/VS08ReactorAddin.dll
Resource
win11-20240412-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
dotNET_Reactor/VS13ReactorAddin.dll
Resource
win11-20240412-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
dotNET_Reactor/VSPackage/15/dotNETReactorVSPackage.dll
Resource
win11-20240412-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
dotNET_Reactor/VSPackage/16/dotNETReactorVSPackage.dll
Resource
win11-20240412-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
dotNET_Reactor/VSPackage/17/dotNETReactorVSPackage.dll
Resource
win11-20240412-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
dotNET_Reactor/VSPackage/dotNET Reactor VSPackage.dll
Resource
win11-20240412-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
dotNET_Reactor/VSReactorAddin.dll
Resource
win11-20240412-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
dotNET_Reactor/VSReactorAddin_Mycc.dll
Resource
win11-20240412-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
dotNET_Reactor/dotNET_Reactor.Console.exe
Resource
win11-20240412-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
dotNET_Reactor/dotNET_Reactor.exe
Resource
win11-20240412-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
dotNET_Reactor/runtimes/brolib_x64.dll
Resource
win11-20240412-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
dotNET_Reactor/runtimes/brolib_x86.dll
Resource
win11-20240412-en
windows11-21h2-x64
General
-
Target
dotNET_Reactor/Help/License Agreement.html
-
Size
20KB
-
MD5
06c924279196f41e26319f9bf5e65bfa
-
SHA1
3c0077fdcb7fe9d2414e8490a165c5d45c78ac75
-
SHA256
ea175c9d9d6597cc35aebc53a6bdc10e1e914c6d5d6fc6c19e0da78b11b4b137
-
SHA512
d3234456a399628e0e4178612c1ebb02a37e74c3226f7cf31a1aa0330644debbe8f8095a83a7cb41dfc3ddd22695f8853a866094f0814d4698227de875625816
-
SSDEEP
384:Dhbkegxb0Fac9mfn3+2YCjDoAOIdHNY0B+:lAhxWfOnO6PAYq0B+
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133580119982885769" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 4480 chrome.exe 4480 chrome.exe 648 chrome.exe 648 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4480 chrome.exe 4480 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4480 wrote to memory of 2004 4480 chrome.exe 80 PID 4480 wrote to memory of 2004 4480 chrome.exe 80 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 1704 4480 chrome.exe 81 PID 4480 wrote to memory of 4920 4480 chrome.exe 82 PID 4480 wrote to memory of 4920 4480 chrome.exe 82 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83 PID 4480 wrote to memory of 2080 4480 chrome.exe 83
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\dotNET_Reactor\Help\License Agreement.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4480 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff99435ab58,0x7ff99435ab68,0x7ff99435ab782⤵PID:2004
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1816,i,10891554473006004285,11485007335008049254,131072 /prefetch:22⤵PID:1704
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1816,i,10891554473006004285,11485007335008049254,131072 /prefetch:82⤵PID:4920
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=1816,i,10891554473006004285,11485007335008049254,131072 /prefetch:82⤵PID:2080
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1816,i,10891554473006004285,11485007335008049254,131072 /prefetch:12⤵PID:2176
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1816,i,10891554473006004285,11485007335008049254,131072 /prefetch:12⤵PID:3924
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4248 --field-trial-handle=1816,i,10891554473006004285,11485007335008049254,131072 /prefetch:82⤵PID:3344
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1816,i,10891554473006004285,11485007335008049254,131072 /prefetch:82⤵PID:2784
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1448 --field-trial-handle=1816,i,10891554473006004285,11485007335008049254,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:648
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:4340
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD593e3f39dd60b2f27b76e563db5aec8d3
SHA11b88c15da2c516e955a34b4ba1bd1a0f29ac5129
SHA256b36c1316862abf7e241cc509dc2bc0f153a64bceab8d620546aef35fbffa4332
SHA512ddde22b0afc5b905566831613b85c1bbf7efc9529cbeca3ba27445c1ded8595eccfc6e4015532f4f5a91f3ff25fdbe52d5ecc092e884c20a89279668436014b0
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
6KB
MD529a076b8283a0e522af89badd5e39ee2
SHA19875d46644268222ba7fe5703b1b1cd6b027d493
SHA2566c701def512d377ec6c05a1c03dd5c917e2448b91dd377fbee5092ec2a62021a
SHA5124a33dac226601edef81d31c1d7d405c307586cea270d7ecfc90c29779827c1914b5def9818b3ab23fa9269874efa114caa2f3cf4484148e456a4f75b8af5b4a3
-
Filesize
127KB
MD52e91d12d91b58c71e2b4e886ee8368f3
SHA14e566e2e4c91b56565b56f7faee03e31555a94dd
SHA25690fc7e1ad545eaa18b7e8d5f889db4c6ba746552be79465aed9798ac2103cc1e
SHA512a7128f593af3329e221af0a3ab5ba3d57128c2fff78572876cedad7c0055d789ab72c389b5ee43a44c23087ee637925ab9b7c7209a04667bdbb705ad0d865bf4