Analysis
max time kernel: 300s
max time network: 295s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/03/2023, 21:51
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://aemgroup.net.au/download.php
Resource: win10v2004-20230220-en
General
Target: https://aemgroup.net.au/download.php
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                         Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                          chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName        chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer       chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description       ioc                                                                                                              Process
Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                            chrome.exe
Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133225304958339322"       chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid    Process
3844   chrome.exe
3844   chrome.exe
2496   chrome.exe
2496   chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid    Process
3844   chrome.exe
3844   chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                          pid    Process
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Token: SeShutdownPrivilege           3844   chrome.exe
Token: SeCreatePagefilePrivilege     3844   chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
pid    Process
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
3844   chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description                          pid    Process      procid_target
PID 3844 wrote to memory of 2716     3844   chrome.exe   84
PID 3844 wrote to memory of 2716     3844   chrome.exe   84
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 2976     3844   chrome.exe   85
PID 3844 wrote to memory of 5096     3844   chrome.exe   86
PID 3844 wrote to memory of 5096     3844   chrome.exe   86
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
PID 3844 wrote to memory of 212      3844   chrome.exe   87
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://aemgroup.net.au/download.php
  PID: 3844
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90cb79758,0x7ff90cb79768,0x7ff90cb79778
      PID: 2716
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1808,i,4344056680413504694,11961064039336913595,131072 /prefetch:2
      PID: 2976
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1808,i,4344056680413504694,11961064039336913595,131072 /prefetch:8
      PID: 5096
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1808,i,4344056680413504694,11961064039336913595,131072 /prefetch:8
      PID: 212
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1808,i,4344056680413504694,11961064039336913595,131072 /prefetch:1
      PID: 4476
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1808,i,4344056680413504694,11961064039336913595,131072 /prefetch:1
      PID: 4788
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1808,i,4344056680413504694,11961064039336913595,131072 /prefetch:8
      PID: 2088
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1808,i,4344056680413504694,11961064039336913595,131072 /prefetch:8
      PID: 3524
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1808,i,4344056680413504694,11961064039336913595,131072 /prefetch:2
      PID: 2496
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 4768
Network
MITRE ATT&CK Enterprise v6
Downloads