Analysis
max time kernel: 1799s
max time network: 1686s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system
submitted: 22/04/2024, 16:44
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.mediafire.com/file/nfh2azcocawvbcu/Free+hack.rar/file
Resource: win10v2004-20240412-en
General
Target: https://www.mediafire.com/file/nfh2azcocawvbcu/Free+hack.rar/file
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133582786593636071" | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
3524 | chrome.exe
3524 | chrome.exe
1080 | chrome.exe
1080 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
3524 | chrome.exe
3524 | chrome.exe
3524 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 3524 | chrome.exe
Token: SeCreatePagefilePrivilege | 3524 | chrome.exe
(these two rows alternate across all 64 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
3524 | chrome.exe
(the same row is repeated for all 26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3524 | chrome.exe
(the same row is repeated for all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3524 wrote to memory of 4260 | 3524 | chrome.exe | 86 (2 entries)
PID 3524 wrote to memory of 1996 | 3524 | chrome.exe | 87 (repeated entries)
PID 3524 wrote to memory of 3424 | 3524 | chrome.exe | 88 (2 entries)
PID 3524 wrote to memory of 3384 | 3524 | chrome.exe | 89 (repeated entries)
(64 entries in total)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (depth 1)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/nfh2azcocawvbcu/Free+hack.rar/file
PID: 3524
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b8abab58,0x7ff8b8abab68,0x7ff8b8abab78
  PID: 4260

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1724,i,1826697596441361244,8237900678217239961,131072 /prefetch:2
  PID: 1996

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1724,i,1826697596441361244,8237900678217239961,131072 /prefetch:8
  PID: 3424

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1724,i,1826697596441361244,8237900678217239961,131072 /prefetch:8
  PID: 3384

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1724,i,1826697596441361244,8237900678217239961,131072 /prefetch:1
  PID: 2108

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1724,i,1826697596441361244,8237900678217239961,131072 /prefetch:1
  PID: 380

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4492 --field-trial-handle=1724,i,1826697596441361244,8237900678217239961,131072 /prefetch:1
  PID: 3644

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1724,i,1826697596441361244,8237900678217239961,131072 /prefetch:8
  PID: 5024

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1724,i,1826697596441361244,8237900678217239961,131072 /prefetch:8
  PID: 960

  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 --field-trial-handle=1724,i,1826697596441361244,8237900678217239961,131072 /prefetch:2
  PID: 1080
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (depth 1)
Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
PID: 1532
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 1KB
MD5: d2d1002d34f5363848617dbfdc434ded
SHA1: 899f1720a1d423455c7087d6ace503700d87bb4b
SHA256: 8994683885fd8c04ce7756dcc079a3733537e73c0e7ade3ffc105eae6883bcd3
SHA512: 9b88c9f156206da803b5ab7eb1e483c1e596eb449c1a7fc5c8c9ae2afbb0bfb89382c327c3fef4fc5a925b12f6a539bbc0767342ab6d8960b7d6f64e196adf59

Filesize: 7KB
MD5: 364b2c34fe5e849057fbb7c4ec8f6c9d
SHA1: c01f8664583e523ee913aff875f864df475c46fb
SHA256: e88adeac0416c84e9080e459d1ee1f259d5675b384e7ef0b74b80f067b9168b0
SHA512: 1454716f7b3604326f88c8f0b971f4060f77c1ff6964ae30765f4462f4337904a31abff0a8e1bd672e4bb3712e2326d2f2ae74e168e5bf4d343761331ddd8092

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 1KB
MD5: 3257fd08f45fc9226b6f370d0a3b84ba
SHA1: 4778872b2b50ecdfa7ef5fd0db072bf25bf873ef
SHA256: 1c5c401f8d96feb67be0243cfb907a506b729ef52181b78fe46dc9758e62a863
SHA512: af79a095711c5ce88e018672294248c7013a8a9ecb801d7d020114f5df3c173d876b85faa315760a3fbfe16c9426c3198b3a0387bc5298922b1ca78adb3bdb2a

Filesize: 7KB
MD5: 73bab11966abaf1f417f19a8d5c4860d
SHA1: c6f1e61375209a4870961d82ebc388387d7603eb
SHA256: 22b404c50de71f189191c0a23812d42bf024dc264341aedeec5244366b91fce8
SHA512: 6d9ddb751b742bc53690275fa71bb6c4f9525d51823acf6e0d8f7942473a42e482fbfc4ce79b1628db1ec4bd358808f3f5ca8d9ca642cace9fa44baeb0627f53

Filesize: 250KB
MD5: 0e4568fe814826881d0e3ea91f9ced1e
SHA1: c8cb9aa2df396f333860900b9fdc42323bec1963
SHA256: 5359b37f3a17b9afdea9433a86960255ec1c6d3b5e358ff2dab69949277b309c
SHA512: 9ff9739189ac8f39dd86e32d46421a4cfe8effa15becd7c04f9459bff50250e1c35d786668ce0b8c9ac79e6961cf8149502a9b931cca8f7ffb7e5a431c66888b