Analysis
max time kernel: 123s
max time network: 108s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/03/2023, 14:20
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://www.baidu.com
Resource: win10v2004-20230220-en
General
Target: http://www.baidu.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133226725130735663" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
1428 | chrome.exe
1428 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
1428 | chrome.exe
1428 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 1428 | chrome.exe
Token: SeCreatePagefilePrivilege | 1428 | chrome.exe
(the listing alternates between these two rows throughout; 64 entries in total, all from pid 1428 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
1428 | chrome.exe
(26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
1428 | chrome.exe
(24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 1428 wrote to memory of 1400 | 1428 | chrome.exe | 87
PID 1428 wrote to memory of 820 | 1428 | chrome.exe | 88
PID 1428 wrote to memory of 5008 | 1428 | chrome.exe | 89
PID 1428 wrote to memory of 2260 | 1428 | chrome.exe | 90
(the 1400 and 5008 rows each appear twice in the listing; the 820 and 2260 rows account for the remaining 60 of the 64 entries)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.baidu.com
  PID: 1428
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd3bc9758,0x7ffbd3bc9768,0x7ffbd3bc9778
      PID: 1400

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1812,i,11440069907460721176,8810439378407209205,131072 /prefetch:2
      PID: 820

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,11440069907460721176,8810439378407209205,131072 /prefetch:8
      PID: 5008

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1812,i,11440069907460721176,8810439378407209205,131072 /prefetch:8
      PID: 2260

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1812,i,11440069907460721176,8810439378407209205,131072 /prefetch:1
      PID: 1520

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1812,i,11440069907460721176,8810439378407209205,131072 /prefetch:1
      PID: 3592

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1812,i,11440069907460721176,8810439378407209205,131072 /prefetch:8
      PID: 4272

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 --field-trial-handle=1812,i,11440069907460721176,8810439378407209205,131072 /prefetch:8
      PID: 2704

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2848 --field-trial-handle=1812,i,11440069907460721176,8810439378407209205,131072 /prefetch:2
      PID: 3796
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 1328
Network
MITRE ATT&CK Enterprise v6
Downloads

Filesize: 5KB
MD5: 185b1ba2a929c3d047ad1e36fb4cae66
SHA1: 3899084e705a05f6fa1168a6b09b43663931d6bf
SHA256: 278daae11b8bfd3a316330604f31f8cb760c2e5db84ab7b9a7cdb28858154864
SHA512: 8543e8cbb2a183014a7c169e030b4c5254799055da4567c6e16797650c8b9b1addf3314aa917a0b4da486997bc9fdb189c87c9fcf2843f5fcfc8734175999e69

Filesize: 5KB
MD5: a6f4c798fe4fe2b72d8384e80264c166
SHA1: 1ae943f75768c97d136d1e9bb3c3ad7a45ac3247
SHA256: d934d17d183d1284fbff38b7ad2020d5136484af4374d63f93e9b37aa7e2de65
SHA512: 3f91bc2d058271ce4061b0cd86023200e427e5c2170b949c188d297b5970cc66be6a1d8c20c6bbb47bcb8a6307ac2d99c0c06f1a80a3e83648408a9f37c5c388

Filesize: 5KB
MD5: 509bbf791cc32ee36ca99879c527aa72
SHA1: dadeda57ba08212c030b15b68093dc03316f92be
SHA256: 2a2bd28d1178225020f1c458b1a8954affdd4a9d5296fa4cd3012e7bf71499de
SHA512: dcdb173789eaf307e9d2e094b69e8101eb107d28a2d1d0a56a6c50894712b548758095be0158d6ec7ab4e93bf72e8e32e4af346cb9d5052537ab2198e3e0651d

Filesize: 143KB
MD5: cacf19bbdf6eee70bf735a03365927d5
SHA1: c6a88b22b802533a4b1b64cb3f24861ca9f9da07
SHA256: ad6dced5936891189fb19fb02e053a5058c075b27480a0eda535a51aa03c9ff7
SHA512: 15ae5e2fd494c2d32126f01731e5facd164b302f22f28b3e701f43f341809b4c52995c0f92a913efebd5b813fb93a8c208ce3837aac5c0a9ff8cd0a8b3c87505

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd