Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

5

cryptolaemus

windows10-2004-x64

7

cryptolaemus

windows11-21h2-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/06/2024, 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe

  • Size

    1.1MB

  • MD5

    1fbd1e7c3fa11e704f202677669931f5

  • SHA1

    71b4418afc920cb3d9c4222a475e1225bd308578

  • SHA256

    59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0

  • SHA512

    ec40acb37a4730931d72b2a0fcc150086973ab3de43a2fae35125a5a48fb5dd7bc34fc9f2a3fa233f46d5a36c66153bf91e73356201c4ef032312869d2fea3b4

  • SSDEEP

    24576:bqDEvCTbMWu7rQYlBQcBiT6rprG8aue2+b+HdiJUX:bTvC/MTQYxsWR7aue2+b+HoJU

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 63 IoCs
  • Suspicious use of SendNotifyMessage 60 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
    "C:\Users\Admin\AppData\Local\Temp\59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1228
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2432
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8876cab58,0x7ff8876cab68,0x7ff8876cab78
        3⤵
          PID:1012
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1928,i,12565148711998707969,11509905426869016216,131072 /prefetch:2
          3⤵
            PID:680
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1928,i,12565148711998707969,11509905426869016216,131072 /prefetch:8
            3⤵
              PID:3692
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1928,i,12565148711998707969,11509905426869016216,131072 /prefetch:8
              3⤵
                PID:2560
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1928,i,12565148711998707969,11509905426869016216,131072 /prefetch:1
                3⤵
                  PID:1744
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1928,i,12565148711998707969,11509905426869016216,131072 /prefetch:1
                  3⤵
                    PID:3832
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4348 --field-trial-handle=1928,i,12565148711998707969,11509905426869016216,131072 /prefetch:1
                    3⤵
                      PID:4300
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3280 --field-trial-handle=1928,i,12565148711998707969,11509905426869016216,131072 /prefetch:1
                      3⤵
                        PID:2040
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4000 --field-trial-handle=1928,i,12565148711998707969,11509905426869016216,131072 /prefetch:8
                        3⤵
                          PID:2032
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1928,i,12565148711998707969,11509905426869016216,131072 /prefetch:8
                          3⤵
                          • Modifies registry class
                          PID:4436
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1928,i,12565148711998707969,11509905426869016216,131072 /prefetch:8
                          3⤵
                            PID:4732
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1928,i,12565148711998707969,11509905426869016216,131072 /prefetch:8
                            3⤵
                              PID:1800
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1928,i,12565148711998707969,11509905426869016216,131072 /prefetch:8
                              3⤵
                                PID:1828
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1928,i,12565148711998707969,11509905426869016216,131072 /prefetch:2
                                3⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:392
                          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                            "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                            1⤵
                              PID:2760

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              336B

                              MD5

                              c26d3f1397959d1c8dca69523564944d

                              SHA1

                              cf5ad0f41be473d566815c5d33eb4397fe9eb943

                              SHA256

                              493bb05dae817441a0b520435209e7e08d2a248cab70ec16600ea706d0901f0f

                              SHA512

                              8aa8452231276f7a1c2dd5610bd8edc2c50334510feb52b4255c0b123fddaf42c0157bbf206ed0658f52fb6694ba70c3eb4f2e585dda0dec1209682c0b9a2c93

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                              Filesize

                              3KB

                              MD5

                              b0419f19d6bfada63a1a2aec7f70c8c1

                              SHA1

                              6a64dd0936da3dd032dcc617a53b9bbe6a7d7c6c

                              SHA256

                              6aef2c16958d5131c3f98d43244013839d074f16f61938647069deecb892be02

                              SHA512

                              849aad681fd398352c56a876bc92913b4f4ec0455ced92137c08fceda86b6a48c4e66dd9142cbf012b12eae74526e3f2ff5e3b198f9be673ae1270aeabbf7144

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                              Filesize

                              2KB

                              MD5

                              c8cc49b6a525ac10aae59f1b94c4fb1d

                              SHA1

                              bb6029a6f3f865ee6178277a37fb54d057956d37

                              SHA256

                              ed70266b1e2e0db0bd829c436d4daa46a73c11554cd3960b7a7a7cce112f989b

                              SHA512

                              5f437467f7b1dc4342beed60757d584dcb31a99faa7f1c9ca1119413b00238a9f5d2bd05cc270da146716a89e4cae8804bd6e04c0d90636c0b467c43f982dc1c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                              Filesize

                              2B

                              MD5

                              d751713988987e9331980363e24189ce

                              SHA1

                              97d170e1550eee4afc0af065b78cda302a97674c

                              SHA256

                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                              SHA512

                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                              Filesize

                              522B

                              MD5

                              ca667921f8e94bbebcac463dfa1b2bb2

                              SHA1

                              5e87f1dbe080136a0488abb59720839b32d5d57d

                              SHA256

                              9163d543b8df18e0fecca586f52da24362a183e7cd5ca7ac38239eca4a40e620

                              SHA512

                              981dc9751fbdc5e968d6953eaeca0ff8bd9a7a08ab67c5d13e9f8d982fa965bb0fa7013b0ddb2fb67c344829e61d75b941f85e4e498c519f4fc65f47f326f103

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                              Filesize

                              522B

                              MD5

                              a44825e86d9bf85336507f5d890721fd

                              SHA1

                              ccd506dbd4bb36646d4532844e5830f7652eb816

                              SHA256

                              29685e4c2294f54b9fa0ddc1f1cbc4f262cd5ec63d287359fb929fcc8e3c8739

                              SHA512

                              5d6b57dd33d18229a538a37639bd58c1a1af4ecd3b4a004b5109b34005c297e843d3836457b8a25ee6346a48cb9cb4e15cf8490e14106fcfcdb40b5cd9efe448

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                              Filesize

                              7KB

                              MD5

                              6e92653189087bac584e62c90226bf07

                              SHA1

                              9962d598878295dcab35990a718e6cde494db1d1

                              SHA256

                              6416661b4a43862d72b1fbf9b9d6895f8eacefa016409bb078a2913cca4522ed

                              SHA512

                              900fdf95ac5f96aa9e83782ad6a5347769f49b3f3fa2b75f070d5e59444443f628a00a00cb7e9b6493cba470485201e36d9712a8d5c17cbdc1d67c650af58dce

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                              Filesize

                              16KB

                              MD5

                              14eb2a1b0061d9b3749c48fbe7536e52

                              SHA1

                              98f451a5babb0f053cced819868fbba4092e85b0

                              SHA256

                              617df142fe061bbdad4c34a7f4e624618b79338c154fb0869592c0cc719d13af

                              SHA512

                              3b51422041c4e593af3adbbaaae51db45b0468de5f9f8b419dc78bea2f1ad0599dd2a11da64c5581a943ef57a19ad25ae8fb1f7e00b11ce254e7541c1ffd69b1

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                              Filesize

                              276KB

                              MD5

                              79238bca11891830b767b00ee8bdeef6

                              SHA1

                              10dfafe5ec99e85c1e367da847721b106ff6b53b

                              SHA256

                              a5455e1a4eac591d8fbbdf30bc682dea9708a2408d35d7464000ecae08e47ff6

                              SHA512

                              249ea14305575ecb5c415e3969e21274453a70c0f5468bea52b4eb63d5b551c56630f7c59d1b45cf474fbc53a748c97d9afa8f51567df142098bf916973729a7

                              Download Submit