Analysis
- max time kernel: 300s
- max time network: 293s
- platform: windows10-2004_x64
- resource: win10v2004-20230221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/03/2023, 21:14
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: https://aemgroup.net.au/download.php
  - Resource: win10v2004-20230221-en
General
- Target: https://aemgroup.net.au/download.php
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133225281112446610" (chrome.exe)

Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 4400 chrome.exe (2 events)
- PID 1980 chrome.exe (2 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- PID 4400 chrome.exe (2 events)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
- PID 4400 chrome.exe: Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, alternating, 64 events in total

Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 4400 chrome.exe (26 events)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 4400 chrome.exe (24 events)

Suspicious use of WriteProcessMemory (64 IoCs)
- PID 4400 chrome.exe wrote to memory of 3220 (procid_target 86)
- PID 4400 chrome.exe wrote to memory of 100 (procid_target 87)
- PID 4400 chrome.exe wrote to memory of 332 (procid_target 88)
- PID 4400 chrome.exe wrote to memory of 4420 (procid_target 89)
- 64 events in total; the large majority of the writes target PIDs 100 and 4420
Processes
- chrome.exe (PID 4400)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://aemgroup.net.au/download.php
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - chrome.exe (PID 3220), crashpad handler
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab6b39758,0x7ffab6b39768,0x7ffab6b39778
  - chrome.exe (PID 100), GPU process
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1892,i,6451530550313793685,14822028012782254973,131072 /prefetch:2
  - chrome.exe (PID 332), network service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1892,i,6451530550313793685,14822028012782254973,131072 /prefetch:8
  - chrome.exe (PID 4420), storage service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1892,i,6451530550313793685,14822028012782254973,131072 /prefetch:8
  - chrome.exe (PID 2764), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1892,i,6451530550313793685,14822028012782254973,131072 /prefetch:1
  - chrome.exe (PID 1228), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1892,i,6451530550313793685,14822028012782254973,131072 /prefetch:1
  - chrome.exe (PID 3924), data decoder service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1892,i,6451530550313793685,14822028012782254973,131072 /prefetch:8
  - chrome.exe (PID 2088), processor metrics utility
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1892,i,6451530550313793685,14822028012782254973,131072 /prefetch:8
  - chrome.exe (PID 3604), UtilWin utility
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1892,i,6451530550313793685,14822028012782254973,131072 /prefetch:8
  - chrome.exe (PID 1980), GPU process (sandbox disabled)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1892,i,6451530550313793685,14822028012782254973,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- elevation_service.exe (PID 3012)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 1KB
  MD5: ae1a72f725529b15cdfb0a61d753ccbe
  SHA1: f37d8f65a415998c6d46cc34d0d58ae2183e721e
  SHA256: c518ef4c7d8ad9b914d1fb56f2c0eb6f5af33c4b3236bb1d70f77cb96edac4a7
  SHA512: 70d8b2be61cbacef6ef3a8e8161bfe1c074f31c0a8e84c52a40c7cbbe4b685677d720c256135200f7d9233dd36df7648f4e56ec79050768210f4aeec35350725
- Filesize: 1KB
  MD5: 620331bed4c2c71c2864012b2928166d
  SHA1: 78cf95172cf82d517abc9442fc203838a021a978
  SHA256: 6ef4bcef856696ff1fa98ace2268bcb50fa9fb5354d91b1c6eef8de8f203a4ca
  SHA512: dcef14297ad2d355ec7a745c3334619d28367910a36461b13fdb5db42c253eb7d2fea1dc429df9b9c09e915383f14fd73a5c1a2fe4679fa54a9c126eafcd24fa
- Filesize: 6KB
  MD5: f65d054fb782f9adba7234a9904a7521
  SHA1: 68c7a9d65d202303813b45a8a5f8bddefd4f383f
  SHA256: a94dacfd1f45b4135866fb3084f9341b8af3c33a96b4fa3fe687208dfa14c605
  SHA512: 8d48b79f0f8e8f5d263247f4074e44f6329c6b0d41adc7582169b7742308530ef8bfbc0279c416574e808823dfc51b20eec88343b466932bcf6a4c709ffdcfb8
- Filesize: 6KB
  MD5: 7e38b25f5fe860ec79f8aeca9fae00af
  SHA1: ed6c62563c897c9772e55402cdc812397af2ef30
  SHA256: 8d579edd2f075d1dba25adebca3db01d7f4fcb9b5d698307414baf39e968a3aa
  SHA512: 1b183f824048120bbb570623481d267b4ab99b99a3e28b29bbdb35ff847ab34343c6b9f9b5d2108ad2b2b4d4cfb44cd05cd7ff789bf7f855b87b2e6c0a1f627d
- Filesize: 15KB
  MD5: 90ec240ab07792c6d64710abd6df2e4d
  SHA1: 3dd3e4cb356f2ef8cf5e1d6db22e768ac54599bd
  SHA256: d8926235230f399fc12f27c6ac9d8f510a02396068f3f988eadce8f5804e06d2
  SHA512: f3f339646511c4d29319c6f783b60a46f887083fc6685cf01dbd6c3ab7e006f8539a670e04f8357b578000663ddb4a775feeb61163dd5778541c15b71f1742fb
- Filesize: 142KB
  MD5: a6bee87bdb8544268d461f490224ccca
  SHA1: 10719adf993bede3d1045155d32b48b7720b8fd3
  SHA256: ad08d2e59783064e2806c28286e7fbb69e5adc2e0d62fca62a47e44cb423b3ef
  SHA512: b77e5171b101038550297527e9ff356b074e2cbd7ff8f04c6f25e9555177f528d1b74aef79dedb1e00d47b55e3166091badf0041150b1c5a0f212367a005ffc2
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd