Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3epsilon.exe
windows10-2004-x64
7$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3LICENSES.c...m.html
windows10-2004-x64
1d3dcompiler_47.dll
windows10-2004-x64
1discordapp.exe
windows10-2004-x64
7ffmpeg.dll
windows10-2004-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows10-2004-x64
1resources/elevate.exe
windows10-2004-x64
1vk_swiftshader.dll
windows10-2004-x64
1vulkan-1.dll
windows10-2004-x64
1$PLUGINSDI...7z.dll
windows10-2004-x64
3Analysis
-
max time kernel
300s -
max time network
287s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
22/05/2024, 00:46
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
epsilon.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
11 signatures
300 seconds
Behavioral task
behavioral2
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
2 signatures
300 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
300 seconds
Behavioral task
behavioral4
Sample
LICENSES.chromium.html
Resource
win10v2004-20240426-en
windows10-2004-x64
8 signatures
300 seconds
Behavioral task
behavioral5
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
0 signatures
300 seconds
Behavioral task
behavioral6
Sample
discordapp.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
9 signatures
300 seconds
Behavioral task
behavioral7
Sample
ffmpeg.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
300 seconds
Behavioral task
behavioral8
Sample
libEGL.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
300 seconds
Behavioral task
behavioral9
Sample
libGLESv2.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
300 seconds
Behavioral task
behavioral10
Sample
resources/elevate.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
300 seconds
Behavioral task
behavioral11
Sample
vk_swiftshader.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
300 seconds
Behavioral task
behavioral12
Sample
vulkan-1.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
300 seconds
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
2 signatures
300 seconds
General
-
Target
LICENSES.chromium.html
-
Size
8.8MB
-
MD5
2675b30d524b6c79b6cee41af86fc619
-
SHA1
407716c1bb83c211bcb51efbbcb6bf2ef1664e5b
-
SHA256
6a717038f81271f62318212f00b1a2173b9cb0cc435f984710ac8355eb409081
-
SHA512
3214341da8bf3347a6874535bb0ff8d059ee604e779491780f2b29172f9963e23acbe3c534d888f7a3b99274f46d0628962e1e72a5d3fc6f18ca2b62343df485
-
SSDEEP
24576:cpD6826x5kSWSsRinoHnmfm646a6N6z68SH4SApTJ:cHSek
Score
1/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608125246906426" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 756 chrome.exe 756 chrome.exe 1264 chrome.exe 1264 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 756 chrome.exe 756 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe Token: SeShutdownPrivilege 756 chrome.exe Token: SeCreatePagefilePrivilege 756 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe 756 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 756 wrote to memory of 4848 756 chrome.exe 88 PID 756 wrote to memory of 4848 756 chrome.exe 88 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 1960 756 chrome.exe 91 PID 756 wrote to memory of 2260 756 chrome.exe 92 PID 756 wrote to memory of 2260 756 chrome.exe 92 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93 PID 756 wrote to memory of 1476 756 chrome.exe 93
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:756 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff842dab58,0x7fff842dab68,0x7fff842dab782⤵PID:4848
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1892,i,16112841510681252095,3851868187355225765,131072 /prefetch:22⤵PID:1960
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1892,i,16112841510681252095,3851868187355225765,131072 /prefetch:82⤵PID:2260
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1892,i,16112841510681252095,3851868187355225765,131072 /prefetch:82⤵PID:1476
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1892,i,16112841510681252095,3851868187355225765,131072 /prefetch:12⤵PID:3400
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1892,i,16112841510681252095,3851868187355225765,131072 /prefetch:12⤵PID:3212
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1892,i,16112841510681252095,3851868187355225765,131072 /prefetch:82⤵PID:3824
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1892,i,16112841510681252095,3851868187355225765,131072 /prefetch:82⤵PID:4004
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1892,i,16112841510681252095,3851868187355225765,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1264
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:3888
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD59961c52f49c004c541fe8bd47cde75e4
SHA198cc178beb0ec6982bd9fa2b3af1389cdb2d67f7
SHA256310128910f1588efc7ae1cafd091eb5ff2c8904fcdb9e95ebe3f8d94e2e115ed
SHA512571761d8745aaf75b6245bb9e4d2812c50828f0a11e94a9493a00a24a9fc490ead12cccba75573e49fd1423aaeeed0ae986e278313660bcaa4817a9ced14ff43
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
6KB
MD51ac47faa144609b01b0622de950cf6dc
SHA1b69e896ce72e13aae5f99442ff2861d6fda3645b
SHA256703eabd21c3145638784f5c71c315437eeb80b7d09767a5a69d36a33e70950af
SHA512e6a3194d4214f3d46d67eae9e6e5d1d5eef41204bd9d6b1628ece96065f55b9370129a44ebf8d934721fa615eec76144616fc888ad52c683524427d7da1ad73c
-
Filesize
130KB
MD505cf31f168ceb918048d4b9c97aa0445
SHA178b58fb3359a4a72d09774f825be61851f4e10d0
SHA25616c7b95eea7f5cfe8c5a8fbcc2e1523c1aee2f542514134ec78414f503fc4d10
SHA512f8dee1b7931464ffd4efabbfe8e21cb1cb6549607576a8e6de32533e211fa384485ce4500f08b169b3a750bc696d49380d1bbd3477e080d0cc44ed1df251cc0a