Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ChromeStdSetup.exe

windows7-x64

7

ChromeStdSetup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    10/10/2024, 14:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ChromeStdSetup.exe

  • Size

    27.6MB

  • MD5

    f5352630a4c4764d378d500680cd9f64

  • SHA1

    ce80f5aa2c68cfcdd5be492b3d01f2ca31f1138f

  • SHA256

    832e06a61add7817a67de98b9a7bb8eb8dcb89d3ee557920a3dc96d63a3238d2

  • SHA512

    190c9fd632419600597abd2d29a02f73c976214e4fa4ffaf07f5ace920722adcaf9820f0b73d7c9bad0e0b99c612c2147de62d07036b2a375beffd7e89c211c3

  • SSDEEP

    786432:Tbnq/vxsj6yVAqOu3T4katyXX21qyNPoBe/PFd:C/Js3VAqOuAajyeBs

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 36 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 12 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ChromeStdSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\ChromeStdSetup.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Users\Admin\AppData\Local\Temp\wtepktomp.exe
      "C:\Users\Admin\AppData\Local\Temp\wtepktomp.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1692
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\WTEPKT~1.EXE > nul
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Suspicious use of WriteProcessMemory
        PID:14864
        • C:\Windows\SysWOW64\PING.EXE
          ping -n 2 127.0.0.1
          4⤵
          • System Location Discovery: System Language Discovery
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:6580
    • C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe"
      2⤵
      • Executes dropped EXE
      PID:2788
  • C:\Windows\SysWOW64\Jkcdt.exe
    C:\Windows\SysWOW64\Jkcdt.exe -auto
    1⤵
    • Executes dropped EXE
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:13588
    • C:\Windows\SysWOW64\Jkcdt.exe
      C:\Windows\SysWOW64\Jkcdt.exe -acsi
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:14876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe
    Filesize

    8.5MB

    MD5

    cd32eed7ff292c4be642d7effbcb7a81

    SHA1

    168b1c3861b0ff480250284b70a6d57b8852a629

    SHA256

    2e8957863173f7c3ce0e966b7683c04c16c01bdd78e41b6dc2a4b91a1d8f9181

    SHA512

    597dd3315a05a0dc28a9fd31b24afbe4f6d2094fc95e8c3b5724368d5a15c97ad71c9dee178ae8ef467a32d8bc8aee304bb1b8e560bc964183ff1eaa610f83de

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSWWpOOCvT0g70l.exe
    Filesize

    5.8MB

    MD5

    82b07eaf5b509df826c8a9268df0fb16

    SHA1

    1151a73ff6ff839f48f7f0d46e343b41c1ccd53b

    SHA256

    63cc4a2c48ede5aae448420f6ccefb9b7fd4739f6ce17733b453e804ba91977f

    SHA512

    065198bb5413029daad01edb7aa8bf7d70fcab71aeb8e7638f2493d63c6da1efecf0f7df9ffd96586c51317626f9b36ab86e9cdc9a65e3ce86808f24d9269988

    Download Submit

  • \Users\Admin\AppData\Local\Temp\wtepktomp.exe
    Filesize

    27.6MB

    MD5

    4ce843f56cbad3ab43caec3ba7f6071d

    SHA1

    999ecf6203235a3efc3ffa2d599ac4b4ad3e3c2a

    SHA256

    ae783b3c7bcb5ea06fb5eb671da35cbab84fed9ce035c3a322733f409d1dbebe

    SHA512

    fc5992edb859c064a31128dc227158d79d29446d1036c453513e01ba201364b20be118243a36fffdd3deb8f3ec1da85a0896edc99e2de9e4dcdeaf49131e5b96

    Download Submit

  • memory/1692-891-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-871-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-840-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-30-0x00000000769B0000-0x00000000769F7000-memory.dmp

    Filesize

    284KB

    Download

  • memory/1692-901-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-855-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-851-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-849-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-847-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-845-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-843-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-899-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-897-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-895-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-893-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-841-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-887-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-853-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-865-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-883-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-881-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-879-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-877-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-875-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-873-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-889-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-869-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-867-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-885-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-863-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-861-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-859-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1692-857-0x0000000003CB0000-0x0000000003DC1000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1748-25-0x0000000005780000-0x0000000007322000-memory.dmp

    Filesize

    27.6MB

    Download

  • memory/1748-24-0x0000000005780000-0x0000000007322000-memory.dmp

    Filesize

    27.6MB

    Download

  • memory/1748-23-0x0000000005780000-0x0000000007322000-memory.dmp

    Filesize

    27.6MB

    Download