Analysis
max time kernel: 1799s
max time network: 1687s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 22/05/2024, 21:02
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.mediafire.com/folder/sqkgciqfil7m3/Executor2024
Resource: win10-20240404-en
General
Target: https://www.mediafire.com/folder/sqkgciqfil7m3/Executor2024
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608862757141269" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
2804 | chrome.exe
2804 | chrome.exe
5080 | chrome.exe
5080 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
2804 | chrome.exe
2804 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 2804 | chrome.exe
Token: SeCreatePagefilePrivilege | 2804 | chrome.exe
(the two rows above alternate throughout the table: 64 rows in total, 32 of each)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
2804 | chrome.exe
(26 identical rows)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
2804 | chrome.exe
(24 identical rows)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2804 wrote to memory of 3064 | 2804 | chrome.exe | 73 (2 rows)
PID 2804 wrote to memory of 4472 | 2804 | chrome.exe | 75 (repeated rows)
PID 2804 wrote to memory of 2220 | 2804 | chrome.exe | 76 (2 rows)
PID 2804 wrote to memory of 2016 | 2804 | chrome.exe | 77 (repeated rows)
(64 rows in total; the 4472 and 2016 rows account for the remaining 60)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2804)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/sqkgciqfil7m3/Executor2024
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 2804:
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3064)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff8d6259758,0x7ff8d6259768,0x7ff8d6259778
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4472)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1840,i,14720888524677246893,50822409392422185,131072 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2220)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1840,i,14720888524677246893,50822409392422185,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2016)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1992 --field-trial-handle=1840,i,14720888524677246893,50822409392422185,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 216)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1840,i,14720888524677246893,50822409392422185,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5040)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1840,i,14720888524677246893,50822409392422185,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4396)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1840,i,14720888524677246893,50822409392422185,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1324)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1840,i,14720888524677246893,50822409392422185,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5080)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4472 --field-trial-handle=1840,i,14720888524677246893,50822409392422185,131072 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2316)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 456B
MD5: ada333d58a6e171b25bc27862d6811d5
SHA1: fd79cfcaf11cdbe8778e1f4ba6929d60e0f96c4a
SHA256: df857539c2fe9de789bf22ae94ccb9615e7b254dd7d4acaf658c3d7384dcfd37
SHA512: a378926f0b7d0e17cf0c3b964b01aa0cb029cfbb63f423aeaaa44be5019ebc91ac69245d9ff96ac8166110a5b16ceec0e6d870cd094118baceb13f1bed3ef4dc

Filesize: 4KB
MD5: d4558a4b6b1a177cad065c1d0d48a7a8
SHA1: 01210757ecf166741650ebe8a415866256c24138
SHA256: f3c7c362e3e608f7f03b447f6ea8ab54422c50e682bfae40bd7f45004fbfcbb0
SHA512: e0505ec6114c92a9b10d4316e1d4d5ad7ab6a2d3ee5f18faa808b0c9d2373ff64b4b4f9097dde308994439704606299cfd16452624d36a2b8cf98bfabb50813a

Filesize: 1KB
MD5: f5e72e65feb45bf3bbf3f19d50c5b251
SHA1: 3c0b7a484e4b0b198873504a5714481dc529fb34
SHA256: 9392eca8e08018156fd5601bab32cc7a5edd0d1a2fe0ab102718fede9ef68f91
SHA512: 0535761e8782f2c11f2ac40c6d35fafb3b25097824a5ce9be38d654d108cfa98b300e4d0d441342b9fc8f4f506d6728bcb78abb586ddb08a19b330573a94e821

Filesize: 6KB
MD5: e88f0c709e3ca396dc48cc21c3a602b4
SHA1: 1d42f18bfd2b5b86a8953ec4d66d34c322c7ee91
SHA256: 12fa6ea6629d51b5885e19ef19801689788e649021a1c17a12e8befead773717
SHA512: 38d65f96b3a8d10fdba58a09d6d41448920184f87494d7bb9f1b3d8c157fc431d0c23ac5b7e2500f4e93f698b9fdebb016b3a9319fed3703b77c77dc04a10c1d

Filesize: 6KB
MD5: 84a7af7ab282a6adf2294233860ac367
SHA1: f4fefd95f99a9cbe775912ce2715c1bd1b753a70
SHA256: c9d81f9bdf633f9886992bf95412996b3b6bee73c1bffd2725d2af17329b5972
SHA512: e86f6f68db9e9833142ceb816e4dffe324cabfabf147db54e30e5ce2ed3f3e023884f02f579b60d2f2a62730576abcd545e46c658b6b8638891d61e28dcf7842

Filesize: 6KB
MD5: 3ba29492a69923f2970b09a17b46c03a
SHA1: 83f6d462d88eab7fc42c04573a3d8ea10d9259c5
SHA256: c84932434a7bb23e9c81eac892941123eec7c715c3ee6d8cfb5f9957074c1c7e
SHA512: 4f11c16a03f1fc056de264cddfca67ad41eb8502acbeeb1c539e188a237a346d9b0e30a2f57ed94d372a93ee26f85c8de93647d60d0d986bbd5798362212fc01

Filesize: 136KB
MD5: c68c3f3846c9a8a357578b8a8211c394
SHA1: aaf81028282c84f147ecc0fde5aac3335c1d5a53
SHA256: 25fdb33d125c128bff00b441db73b7a051b8ec6774156d9cd5d8325b236752ca
SHA512: 88a7c97c8f261b6e2178e7ece03a7a14de858df8f17cdcfef82ec64f25d9147cbe8314ce7fa23191e26798299525eca6f52a66ec656a184b5a6fb34138e992af

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd