Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 149s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/03/2023, 23:15

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://adfsaz.gskcrons.com
Resource: win10v2004-20230220-en

General
Target: http://adfsaz.gskcrons.com

Malware Config

Signatures
Program crash (1 IoC)
pid   pid_target  Process       procid_target
4048  3492        WerFault.exe  102
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                     Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                        Process
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133226217195081128"  chrome.exe
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                       chrome.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid   Process
2708  chrome.exe
2708  chrome.exe
2708  chrome.exe
2708  chrome.exe
1308  chrome.exe
1308  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process
2708  chrome.exe
2708  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        2708  chrome.exe
Token: SeCreatePagefilePrivilege  2708  chrome.exe
(the two rows above alternate for all 64 entries, 32 of each, all from pid 2708)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
2708  chrome.exe
(all 26 entries are identical to the row above)
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
2708  chrome.exe
(all 24 entries are identical to the row above)
Suspicious use of WriteProcessMemory (64 IoCs)
description                      pid   Process     procid_target
PID 2708 wrote to memory of 4456  2708  chrome.exe  86   (2 entries)
PID 2708 wrote to memory of 3264  2708  chrome.exe  87   (repeated)
PID 2708 wrote to memory of 384   2708  chrome.exe  88   (2 entries)
PID 2708 wrote to memory of 4488  2708  chrome.exe  89   (repeated)
(64 entries in total; the 3264 and 4488 rows account for the remaining 60, all from pid 2708)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
  PID: 2708
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://adfsaz.gskcrons.com
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe
      PID: 4456
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9136f9758,0x7ff9136f9768,0x7ff9136f9778
    C:\Program Files\Google\Chrome\Application\chrome.exe
      PID: 3264
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe
      PID: 384
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe
      PID: 4488
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe
      PID: 2096
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe
      PID: 4104
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe
      PID: 4080
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe
      PID: 3364
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe
      PID: 3420
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe
      PID: 5000
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe
      PID: 4080
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe
      PID: 1308
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1848,i,389237355576562415,11767499537321771503,131072 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  PID: 4556
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\system32\WerFault.exe
  PID: 3960
  Command line: C:\Windows\system32\WerFault.exe -pss -s 444 -p 3492 -ip 3492
C:\Windows\system32\WerFault.exe
  PID: 4048
  Command line: C:\Windows\system32\WerFault.exe -u -p 3492 -s 2292
  Signatures:
  - Program crash
Network
MITRE ATT&CK Enterprise v6
Downloads