Analysis

- max time kernel: 1199s
- max time network: 1173s
- platform: windows11-21h2_x64
- resource: win11-20240426-en
- resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 20/05/2024, 20:40
Static task: static1

Behavioral tasks:
- behavioral1: sample 973816.webp, resource win11-20240426-en
- behavioral2: sample 973816.webp, resource android-x64-20240514-en
- behavioral3: sample 973816.webp, resource android-x64-20240514-en
- behavioral4: sample 973816.webp, resource macos-20240410-en
- behavioral5: sample 973816.webp, resource debian9-mipsel-20240226-en
General

- Target: 973816.webp
- Size: 63KB
- MD5: d3afdece336124c76401eef4f101c9cc
- SHA1: d301e492c2b7a58d864e4a414fc4e728eff21acd
- SHA256: a3b0b7e3d366d24fb885fbdd4cc261599d36d25e7aa75279eaf8b93b68843b46
- SHA512: 115d4fb56cb1783bf0aa8bb906069b34a684d54ac86c9a16cf04ec946a1484b679cd00574b781c7d4ff4359092d1badc8feb697b9b4b3e2d09a967f23228b519
- SSDEEP: 1536:i+ntlAfCfqn/kgaX4cDGMaQ/+iCZ60b8j47ARDu1NF+yf:ttlAfHnMgaX4cSMaQ+BzIMkRq39
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe

- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607130491223012" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | Process
  3356 | chrome.exe
  3356 | chrome.exe
  4520 | chrome.exe
  4520 | chrome.exe

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  3356 | chrome.exe
  3356 | chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Suspicious use of FindShellTrayWindow (26 IoCs)
- Suspicious use of SendNotifyMessage (12 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes

- C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\973816.webp
  PID: 3996
  Signatures: Suspicious use of WriteProcessMemory

  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\973816.webp
    PID: 3356
    Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa861aab58,0x7ffa861aab68,0x7ffa861aab78
      PID: 3188

    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1776,i,2261654862937207250,15820179969107463634,131072 /prefetch:2
      PID: 1604

    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1776,i,2261654862937207250,15820179969107463634,131072 /prefetch:8
      PID: 2968

    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1776,i,2261654862937207250,15820179969107463634,131072 /prefetch:8
      PID: 944

    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1776,i,2261654862937207250,15820179969107463634,131072 /prefetch:1
      PID: 3708

    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1776,i,2261654862937207250,15820179969107463634,131072 /prefetch:1
      PID: 3656

    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 --field-trial-handle=1776,i,2261654862937207250,15820179969107463634,131072 /prefetch:8
      PID: 3916

    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=1776,i,2261654862937207250,15820179969107463634,131072 /prefetch:8
      PID: 2044

    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1776,i,2261654862937207250,15820179969107463634,131072 /prefetch:8
      PID: 4568

    - C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1776,i,2261654862937207250,15820179969107463634,131072 /prefetch:2
      PID: 4520
      Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 2700
Network
MITRE ATT&CK Enterprise v15
Downloads