Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10Malware-1-...30.exe
windows7-x64
10Malware-1-...30.exe
windows10-2004-x64
10Malware-1-...40.exe
windows7-x64
10Malware-1-...40.exe
windows10-2004-x64
8Malware-1-...32.exe
windows7-x64
10Malware-1-...32.exe
windows10-2004-x64
10Malware-1-.../5.exe
windows7-x64
10Malware-1-.../5.exe
windows10-2004-x64
10Malware-1-...91.exe
windows7-x64
5Malware-1-...91.exe
windows10-2004-x64
10Malware-1-...ey.exe
windows7-x64
7Malware-1-...ey.exe
windows10-2004-x64
8Malware-1-...ad.exe
windows7-x64
6Malware-1-...ad.exe
windows10-2004-x64
8Malware-1-...ti.exe
windows7-x64
5Malware-1-...ti.exe
windows10-2004-x64
8Malware-1-...an.bat
windows7-x64
7Malware-1-...an.bat
windows10-2004-x64
8Malware-1-...an.exe
windows7-x64
3Malware-1-...an.exe
windows10-2004-x64
8Malware-1-...ve.bat
windows7-x64
7Malware-1-...ve.bat
windows10-2004-x64
8Malware-1-...ve.exe
windows7-x64
6Malware-1-...ve.exe
windows10-2004-x64
8Malware-1-...ya.exe
windows7-x64
6Malware-1-...ya.exe
windows10-2004-x64
Malware-1-...re.exe
windows7-x64
10Malware-1-...re.exe
windows10-2004-x64
10Malware-1-...ry.exe
windows7-x64
10Malware-1-...ry.exe
windows10-2004-x64
10Malware-1-...ck.exe
windows7-x64
3Malware-1-...ck.exe
windows10-2004-x64
8Resubmissions
13/02/2025, 01:26
250213-btppra1pcz 1017/01/2025, 20:14
250117-yz7h3s1qfw 1017/01/2025, 20:12
250117-yy9l2sslcr 1017/01/2025, 17:25
250117-vy9p9sxpez 1017/01/2025, 17:21
250117-vw8eesyjfp 1017/01/2025, 14:16
250117-rk9ass1rhk 1017/01/2025, 14:12
250117-rhv1ds1lds 1016/01/2025, 12:52
250116-p4et7a1mez 10Analysis
-
max time kernel
381s -
max time network
850s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
13/02/2025, 01:26
Behavioral task
behavioral1
Sample
Malware-1-master/2530.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
Malware-1-master/2530.exe
Resource
win10v2004-20250211-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Malware-1-master/2887140.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
Malware-1-master/2887140.exe
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Malware-1-master/32.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral6
Sample
Malware-1-master/32.exe
Resource
win10v2004-20250211-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Malware-1-master/5.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
Malware-1-master/5.exe
Resource
win10v2004-20250211-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Malware-1-master/96591.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
Malware-1-master/96591.exe
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Malware-1-master/Amadey.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral12
Sample
Malware-1-master/Amadey.exe
Resource
win10v2004-20250211-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Malware-1-master/Download.exe
Resource
win7-20250207-en
windows7-x64
Behavioral task
behavioral14
Sample
Malware-1-master/Download.exe
Resource
win10v2004-20250211-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Malware-1-master/Illuminati.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
Malware-1-master/Illuminati.exe
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Malware-1-master/MEMZ-Clean.bat
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral18
Sample
Malware-1-master/MEMZ-Clean.bat
Resource
win10v2004-20250211-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Malware-1-master/MEMZ-Clean.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral20
Sample
Malware-1-master/MEMZ-Clean.exe
Resource
win10v2004-20250211-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Malware-1-master/MEMZ-Destructive.bat
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
Malware-1-master/MEMZ-Destructive.bat
Resource
win10v2004-20250211-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Malware-1-master/MEMZ-Destructive.exe
Resource
win7-20250207-en
windows7-x64
Behavioral task
behavioral24
Sample
Malware-1-master/MEMZ-Destructive.exe
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Malware-1-master/Petya.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral26
Sample
Malware-1-master/Petya.exe
Resource
win10v2004-20250211-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Malware-1-master/Software.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral28
Sample
Malware-1-master/Software.exe
Resource
win10v2004-20250211-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Malware-1-master/WannaCry.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral30
Sample
Malware-1-master/WannaCry.exe
Resource
win10v2004-20250211-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Malware-1-master/Win32.EvilClusterFuck.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral32
Sample
Malware-1-master/Win32.EvilClusterFuck.exe
Resource
win10v2004-20250211-en
windows10-2004-x64
General
-
Target
Malware-1-master/MEMZ-Clean.exe
-
Size
12KB
-
MD5
9c642c5b111ee85a6bccffc7af896a51
-
SHA1
eca8571b994fd40e2018f48c214fab6472a98bab
-
SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5
-
SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c
-
SSDEEP
192:BCMfc/GinpRBueYDw4+kEeN4FRrfMFFp3+f2dvGhT59uay:AMfceinpOeRENYhfOj+eGdKa
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MEMZ-Clean.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{22C66C23-E9AA-11EF-A5B7-F2BD923EC178}.dat = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{22C66C21-E9AA-11EF-A5B7-F2BD923EC178} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe -
Suspicious behavior: EnumeratesProcesses 5 IoCs
pid Process 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1880 MEMZ-Clean.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: 33 800 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 800 AUDIODG.EXE Token: 33 800 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 800 AUDIODG.EXE Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe Token: SeShutdownPrivilege 1704 chrome.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 1804 iexplore.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe 1704 chrome.exe -
Suspicious use of SetWindowsHookEx 16 IoCs
pid Process 1804 iexplore.exe 1804 iexplore.exe 2092 IEXPLORE.EXE 2092 IEXPLORE.EXE 1880 MEMZ-Clean.exe 1880 MEMZ-Clean.exe 1880 MEMZ-Clean.exe 1880 MEMZ-Clean.exe 1880 MEMZ-Clean.exe 1880 MEMZ-Clean.exe 1880 MEMZ-Clean.exe 1880 MEMZ-Clean.exe 1880 MEMZ-Clean.exe 1880 MEMZ-Clean.exe 1880 MEMZ-Clean.exe 1880 MEMZ-Clean.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1880 wrote to memory of 1804 1880 MEMZ-Clean.exe 31 PID 1880 wrote to memory of 1804 1880 MEMZ-Clean.exe 31 PID 1880 wrote to memory of 1804 1880 MEMZ-Clean.exe 31 PID 1880 wrote to memory of 1804 1880 MEMZ-Clean.exe 31 PID 1804 wrote to memory of 2092 1804 iexplore.exe 32 PID 1804 wrote to memory of 2092 1804 iexplore.exe 32 PID 1804 wrote to memory of 2092 1804 iexplore.exe 32 PID 1804 wrote to memory of 2092 1804 iexplore.exe 32 PID 1704 wrote to memory of 2592 1704 chrome.exe 35 PID 1704 wrote to memory of 2592 1704 chrome.exe 35 PID 1704 wrote to memory of 2592 1704 chrome.exe 35 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 2028 1704 chrome.exe 37 PID 1704 wrote to memory of 1564 1704 chrome.exe 38 PID 1704 wrote to memory of 1564 1704 chrome.exe 38 PID 1704 wrote to memory of 1564 1704 chrome.exe 38 PID 1704 wrote to memory of 2992 1704 chrome.exe 39 PID 1704 wrote to memory of 2992 1704 chrome.exe 39 PID 1704 wrote to memory of 2992 1704 chrome.exe 39 PID 1704 wrote to memory of 2992 1704 chrome.exe 39 PID 1704 wrote to memory of 2992 1704 chrome.exe 39 PID 1704 wrote to memory of 2992 1704 chrome.exe 39 PID 1704 wrote to memory of 2992 1704 chrome.exe 39 PID 1704 wrote to memory of 2992 1704 chrome.exe 39 PID 1704 wrote to memory of 2992 1704 chrome.exe 39 PID 1704 wrote to memory of 2992 1704 chrome.exe 39 PID 1704 wrote to memory of 2992 1704 chrome.exe 39
Processes
-
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.exe"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1880 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1804 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2092
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5341⤵
- Suspicious use of AdjustPrivilegeToken
PID:800
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1704 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c89758,0x7fef6c89768,0x7fef6c897782⤵PID:2592
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1384,i,17877985187241246876,12898887510258511583,131072 /prefetch:22⤵PID:2028
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1564 --field-trial-handle=1384,i,17877985187241246876,12898887510258511583,131072 /prefetch:82⤵PID:1564
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1384,i,17877985187241246876,12898887510258511583,131072 /prefetch:82⤵PID:2992
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1384,i,17877985187241246876,12898887510258511583,131072 /prefetch:12⤵PID:2112
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1384,i,17877985187241246876,12898887510258511583,131072 /prefetch:12⤵PID:1636
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1384,i,17877985187241246876,12898887510258511583,131072 /prefetch:22⤵PID:1120
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1264 --field-trial-handle=1384,i,17877985187241246876,12898887510258511583,131072 /prefetch:12⤵PID:1592
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1384,i,17877985187241246876,12898887510258511583,131072 /prefetch:82⤵PID:2432
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1856 --field-trial-handle=1384,i,17877985187241246876,12898887510258511583,131072 /prefetch:82⤵PID:2792
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3800 --field-trial-handle=1384,i,17877985187241246876,12898887510258511583,131072 /prefetch:82⤵PID:2952
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3836 --field-trial-handle=1384,i,17877985187241246876,12898887510258511583,131072 /prefetch:82⤵PID:2848
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 --field-trial-handle=1384,i,17877985187241246876,12898887510258511583,131072 /prefetch:82⤵PID:536
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:1484
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
1KB
MD54e2ba211938e522cfcd5d6ccea0fe066
SHA18b67bfe58f806e9e7e1914d01156d646ec365959
SHA256f2eb934e88a079a1fb2ac6702e741712b70aa89cea000bef0fadc98b303f667c
SHA5126ebd174d589ecc543a7cc9f43f301e56045b7d7e116aa815bce3a6108794fbf5e1d129a431d11a44de22d9ed55a77163d26101dc3429e83cd12f3de7698e0938
-
Filesize
1KB
MD50c33e864949d7a9d7f927a2735f2cb4d
SHA1e8b902a8e700854d0d67812c8781319a81d2053f
SHA256d8840ce30dad6f511687b0c11e4beb9fddd1d77866e6c1e9b09d22608960ff8d
SHA5120d5ccd8baf4018a4cd874f72ba70cf59696ab30211a26b85548339ed3feda155cfd3714d68e2ca6ed538232700d33a116613c27df108ac66dc9650d90ae7bee8
-
Filesize
5KB
MD5c780852d4516067ed4ee136fe97e1f7a
SHA18af98084c5e8e5d075cf82d77f71b69ee7f20466
SHA256c456df71942688ee2140c388b226fc17c7b59cf7d9fc4a1732fa33f777a13ce3
SHA5128ca8a9176ef226297a949641538c9b78f2e452222377be46d21fc570bf949a8cd50e430f6928def6992fd5c71ab15e6306862246303531615a8a129fbe4e3417
-
Filesize
5KB
MD51922ae5eacb412b1b8b04883a4188c0c
SHA169e17ce9844ad23a305176e684a86d44648beaac
SHA256cc6045fd1aeb5026c18195e8f0af8ceb7adf3a936a61e26d2a0b1f1d3956cf51
SHA51214cd989daa538e0997219c2d40478409de47f81a73ebd108b08aeed52beb180901b779d2baebb29d2fb1ab348b1b52816fc6124aaa0ee95f5d8d7abf8f402794
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
177KB
MD57685ccefb88a4a67ca5915fb7813170a
SHA1c5b40e6c3b98178a516c90ba7fe1898d3ab2a817
SHA2566b442c22d9f90e5194146efe4e20d426eac2dc05abe3b37080b3a73c0bc5cfc1
SHA512aeea8ef806f71bc268e95417a707e680b26af3e09e15fcd32aee7a79be44a436cafb7e82466c3faecd983fa020615148637aa29a6367b24e0fcf7b7a2f852588
-
Filesize
360KB
MD5222670f7a92c96213aa024121a018ff7
SHA120e193a0abd5f29b445f1b6373b02a3e7997571f
SHA256511cde2eac3eeba46718762dec2a3eb31dc31bec646a56946000a699d61db189
SHA512fc3033f2c792e58ca657ce1ff9365e96570037fe2dba963a305132837bd6fd18d8097bb7393ede726f8b8720c630e827d21eab29b1b6c3d4f0e96513d151b7cf
-
Filesize
377KB
MD5c28749fa9a28794a6e432124f10a588f
SHA1625ea9b6c8fc218d6f0fad2d5dcb94b50742349e
SHA256aae967aea93b7f7c72ddc4674235bb201bdf2a88b374a57fefadc6564835621d
SHA5125a17ab2c2accfaa6f36b22bf93b1a6834651388baf1c95ef13cc17396649f3a9d40ec77e59bf6af616f33ea5efb4c996e79e927efd36190b6929685a5b59d7a4
-
Filesize
361KB
MD5ce8d3542940e5eabb59c081b7cf9c6f0
SHA12734610bb1795b835d09cce0239c36a0e2b9bb4b
SHA2568ea6876f1062920187b099d801de1e8d2e1bb8d56f792514027940b4c0eb169d
SHA51261e19d6887152e00cb874cd21559dbdf20d702c202e56de3269d12a75075adee0360b705d9a8318cd4256b6c9ceb9c9427f153b85e0de181434abdd3153b995d