Analysis
max time kernel: 599s
max time network: 559s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 09/08/2024, 15:51
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHdOaXZobklXdEJOWTRmc3dNLUNpX3E4bG5iQXxBQ3Jtc0ttR2sySVVQd2E0WUtGR3BiWkdiVEdxZGVtMFlxdXY4X0Focm9PSnlVbEJyY1o4SkE1MndGX2llM0ZmeFpkUHltRW5TMkJ2TnhVZlE4Yzh1TGhOMlk0NUktbThtbGxLWExWcS1xaC13bjE2S3ZtZlpHVQ&q=http%3A%2F%2Frapidshare.com%2Ffiles%2F158388250%2FJps_virus_maker.zip.html&v=NbtO98n86fM
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description     | ioc                                                                                                        | process
  Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676986846950062" | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid  | process
  2804 | chrome.exe (2 entries)
  2668 | chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid  | process
  2804 | chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs; the two entries below alternate throughout the list)
  description                      | pid  | process
  Token: SeShutdownPrivilege       | 2804 | chrome.exe
  Token: SeCreatePagefilePrivilege | 2804 | chrome.exe

Suspicious use of FindShellTrayWindow (26 IoCs, all identical)
  pid  | process
  2804 | chrome.exe

Suspicious use of SendNotifyMessage (24 IoCs, all identical)
  pid  | process
  2804 | chrome.exe

Suspicious use of WriteProcessMemory (64 IoCs; distinct entries only, each repeated)
  description                      | pid  | process    | procid_target
  PID 2804 wrote to memory of 3064 | 2804 | chrome.exe | 73
  PID 2804 wrote to memory of 2520 | 2804 | chrome.exe | 75
  PID 2804 wrote to memory of 2820 | 2804 | chrome.exe | 76
  PID 2804 wrote to memory of 4344 | 2804 | chrome.exe | 77
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2804)
  command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHdOaXZobklXdEJOWTRmc3dNLUNpX3E4bG5iQXxBQ3Jtc0ttR2sySVVQd2E0WUtGR3BiWkdiVEdxZGVtMFlxdXY4X0Focm9PSnlVbEJyY1o4SkE1MndGX2llM0ZmeFpkUHltRW5TMkJ2TnhVZlE4Yzh1TGhOMlk0NUktbThtbGxLWExWcS1xaC13bjE2S3ZtZlpHVQ&q=http%3A%2F%2Frapidshare.com%2Ffiles%2F158388250%2FJps_virus_maker.zip.html&v=NbtO98n86fM
  signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3064)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8d6259758,0x7ff8d6259768,0x7ff8d6259778

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2520)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1760,i,16439426415701421134,10871224255229808104,131072 /prefetch:2

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2820)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1760,i,16439426415701421134,10871224255229808104,131072 /prefetch:8

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4344)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1760,i,16439426415701421134,10871224255229808104,131072 /prefetch:8

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4984)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1760,i,16439426415701421134,10871224255229808104,131072 /prefetch:1

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5040)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1760,i,16439426415701421134,10871224255229808104,131072 /prefetch:1

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 428)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1760,i,16439426415701421134,10871224255229808104,131072 /prefetch:8

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4164)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1760,i,16439426415701421134,10871224255229808104,131072 /prefetch:8

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2668)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2452 --field-trial-handle=1760,i,16439426415701421134,10871224255229808104,131072 /prefetch:2
    signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4576)
  command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Downloads