Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

5

f9421fce4c...dc.exe

windows7-x64

3

f9421fce4c...dc.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/10/2024, 09:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9421fce4c56980bfe98bd9f406d772ab4e404478fbcf22207b9fcecdb232bdc.exe

  • Size

    897KB

  • MD5

    9f4a4ad504f60fd5d6fd9b145d750af1

  • SHA1

    a7d4b9d6d963b0ab5541ddbdd0881422e374a9c6

  • SHA256

    f9421fce4c56980bfe98bd9f406d772ab4e404478fbcf22207b9fcecdb232bdc

  • SHA512

    709a17609594cfc96cec0986ef4b0095f0c7986175344e9e45a98280961393d51ae0602e6b1cfd520ea983527b11259e88120b15fef588a763fa9224dd1ca873

  • SSDEEP

    24576:9qDEvCTbMWu7rQYlBQcBiT6rprG8a46K:9TvC/MTQYxsWR7a4

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 5 IoCs
    evasion
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9421fce4c56980bfe98bd9f406d772ab4e404478fbcf22207b9fcecdb232bdc.exe
    "C:\Users\Admin\AppData\Local\Temp\f9421fce4c56980bfe98bd9f406d772ab4e404478fbcf22207b9fcecdb232bdc.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe /T
      2⤵
      • System Location Discovery: System Language Discovery
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:524
    • C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM msedge.exe /T
      2⤵
      • System Location Discovery: System Language Discovery
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3568
    • C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM firefox.exe /T
      2⤵
      • System Location Discovery: System Language Discovery
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2108
    • C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM opera.exe /T
      2⤵
      • System Location Discovery: System Language Discovery
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3232
    • C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM brave.exe /T
      2⤵
      • System Location Discovery: System Language Discovery
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3996
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2932
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0x88,0x104,0x7ff8562bcc40,0x7ff8562bcc4c,0x7ff8562bcc58
        3⤵
          PID:3784
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,7675272798587932653,10986513523032574304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1976 /prefetch:2
          3⤵
            PID:3476
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1884,i,7675272798587932653,10986513523032574304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2068 /prefetch:3
            3⤵
              PID:400
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,7675272798587932653,10986513523032574304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2576 /prefetch:8
              3⤵
                PID:3892
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,7675272798587932653,10986513523032574304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
                3⤵
                  PID:3268
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,7675272798587932653,10986513523032574304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:1
                  3⤵
                    PID:1052
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4660,i,7675272798587932653,10986513523032574304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4664 /prefetch:8
                    3⤵
                      PID:3976
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,7675272798587932653,10986513523032574304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
                      3⤵
                        PID:4048
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4384,i,7675272798587932653,10986513523032574304,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=212 /prefetch:8
                        3⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:636
                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                    1⤵
                      PID:220
                    • C:\Windows\system32\svchost.exe
                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                      1⤵
                        PID:1904

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2288ba0a-fa77-421a-865c-0dc82238e926.tmp
                        Filesize

                        9KB

                        MD5

                        1a99103f939d8b40b7411a73be853619

                        SHA1

                        a644414dca25da875cba1e6d3fe35c090bf2e781

                        SHA256

                        4b28baa8be1376f5379af51d74c311f9d6bec77d8162ddbfa5c51857e1b66ea2

                        SHA512

                        c7cde9674692542f90973512a91a82f9bdb5d56b9a9542dc38a067169d2a757dd028382a3b4d751be532ee1f831a43017a89c263b740e15483d75d9bdf1450b3

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                        Filesize

                        264B

                        MD5

                        992850da52ae6cbb06afbef242c33138

                        SHA1

                        d7d7efc07282d2b0906b1b78b40818d1123fd2eb

                        SHA256

                        f679e38c4802e04b4f0be9c2285270e2ad963739e34efbac5a49a97b072b1258

                        SHA512

                        00de15efee84b70b637193c29685019e9c3c904bbe1237b5c8fd8e62d22a692ef62c4043297ca496ff0d320db64ffffe120777e59b3bdfb1b0ba1c02e7999776

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                        Filesize

                        4KB

                        MD5

                        f2441c2ae62b786593e9404dc02ff7dc

                        SHA1

                        27231219c6bf8e2431ee52b17ce1327d54e27868

                        SHA256

                        a9debdb6b97e1ace7c635cbfae268fb5920eb22c519ece40181186d14a1e1304

                        SHA512

                        513138d60c6a0cd6da548f07cd56989fd19dc336ac596df2b1f6a25477febbf16bad1c828f27e4fe724dd3f26def5e0ae3d164279f48599ef916680bd3471d92

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                        Filesize

                        2B

                        MD5

                        d751713988987e9331980363e24189ce

                        SHA1

                        97d170e1550eee4afc0af065b78cda302a97674c

                        SHA256

                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                        SHA512

                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                        Filesize

                        853B

                        MD5

                        933bf5721007c58345c9c4bd0f68141b

                        SHA1

                        afbccf9efce7e394088412a5374a5cd34b4cc009

                        SHA256

                        1acc83aa62efc599e77ab511b6970dfd3e24b2c63c498c3d56e53f2d14e8be09

                        SHA512

                        60b9072ea632ba718c1839f8af51f24ab5bf308f068cc20e2a3a04b9e626773367f2356a76733bd20566aba02e4f5b2ad9ae872e01aeb6fc812c9bf4a9e05d63

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                        Filesize

                        9KB

                        MD5

                        6c0fc57abad4f3b1c96f97286c7dfb5b

                        SHA1

                        b1134bb174640df5555c33db8efe855f5ddbfdec

                        SHA256

                        9b4c1328c694bf02bc1d8335df5ea3e23e96ecc169163c856c8e0cbedd9239e1

                        SHA512

                        fe3a54165479412ba50771478cf26b2f84639d8f4206ba4bc17498d5d7a312b78a0d00b1a6dfcbb4c01fa39a4d29e641011fcdbfdaa3d9a1b56b1eeb4d93fcf1

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                        Filesize

                        9KB

                        MD5

                        236e728d79888963537b3b078e1ee613

                        SHA1

                        bad8ed0ca313ac960aa05cd068e56edc6208a9dc

                        SHA256

                        bb93edc91d86274fbce9fd999bdeff4348de7e48342c468a347690dccda6eff4

                        SHA512

                        b3893608e4eaf0957deb3aaae31ca4da708b2d6a4cb19c08a4422f8dc617deb005c3efe5d25be45b88a04c786aaea1b0ad256eac5b9a179369362ed0e16c3b02

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                        Filesize

                        9KB

                        MD5

                        d2e5bd63d9c166e5a70a689336e3deeb

                        SHA1

                        150c3e337acede01323798b59cd6f16377c804c8

                        SHA256

                        4754f04d9b27be8d8b4c4115b07a3601fd84dff331daf502e9d518020312117e

                        SHA512

                        a37cc0c816758454435c528ebbeb702bfcd64d217ad5405d38f59557e8b5ce1c6b9e7fb3bc9b593bbf371ffca2206a501a20f1801fa90263d5f643d5c8c921c3

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                        Filesize

                        15KB

                        MD5

                        51794bf82a0f2e63948dc7497fbeefc9

                        SHA1

                        d7a34f53377bbab653b87c467188e6bd182e7957

                        SHA256

                        b5a2305893d8fc27c1ca449f5545767a59a9468af1501ff7a49e58a5a29c083e

                        SHA512

                        c9eaf92d9344db4350a296dff365cca7882f41445873e1689a701acea69de427a6df2d59addbc1d91cb351a515321f0a65135461f8cd76e3eb356d044270fb01

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                        Filesize

                        228KB

                        MD5

                        36c1f7923c72b9e71ad6bc634c7642c7

                        SHA1

                        d51b69245c462f1c824ff3fb10dae107c4055749

                        SHA256

                        1d0d7f1c3b246166f925368456b1f53927b562980dc2d998a5c5538538fc9d2b

                        SHA512

                        17f0e948ff4536bc451041f633cac6ad4c10c9f58be9503422403b62ebfd461fb92e24f20dc0da4bf44436b3a6470459f49e3fd458b514a583a582323682593b

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                        Filesize

                        228KB

                        MD5

                        50ef285e78f7d46624296b3dc694c58e

                        SHA1

                        df8cfc16e8f81f9601efb3ac609aab5be337bfe7

                        SHA256

                        187c3bf0b2f99cb2852c71877b37763ccd8eeff8ce9243e8b56273fcbcaa03cc

                        SHA512

                        ca3a5136c7428c1620d4317ea7a27c3fba07939199b46185a579c8bda9efda93e08047cd800afe8d789a4da9899478b15f8a5f473ff3f8a436d1ddb525ba68f8

                        Download Submit