Analysis
  max time kernel:  27s
  max time network: 27s
  platform:         windows10-2004_x64
  resource:         win10v2004-20230220-ja
  resource tags:    arch:x64, arch:x86, image:win10v2004-20230220-ja, locale:ja-jp, os:windows10-2004-x64, system, windows
  submitted:        16/03/2023, 00:45
Static task:     static1
URLScan task:    urlscan1
Behavioral task: behavioral1
  Sample:   https://fbcdn2.com
  Resource: win10v2004-20230220-ja
General
  Target: https://fbcdn2.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                       Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                     chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133234047816768999"  chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid  Process
  664  chrome.exe
  664  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid  Process
  664  chrome.exe
  664  chrome.exe
Suspicious use of AdjustPrivilegeToken (38 IoCs)
  description                       pid  Process
  Token: SeShutdownPrivilege        664  chrome.exe
  Token: SeCreatePagefilePrivilege  664  chrome.exe
  (the two rows above alternate for all 38 entries; every entry is PID 664 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid  Process
  664  chrome.exe
  (all 26 entries identical)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid  Process
  664  chrome.exe
  (all 24 entries identical)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid  Process     procid_target  entries
  PID 664 wrote to memory of 1552  664  chrome.exe  84             2
  PID 664 wrote to memory of 912   664  chrome.exe  85             38
  PID 664 wrote to memory of 2132  664  chrome.exe  86             2
  PID 664 wrote to memory of 4768  664  chrome.exe  87             22
Processes
  [1] C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 664)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://fbcdn2.com
      - Enumerates system info in registry
      - Modifies data under HKEY_USERS
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory
      [2] C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1552)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3f6f9758,0x7fff3f6f9768,0x7fff3f6f9778
      [2] C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 912)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1744,i,12731372538444153850,5174967964401839147,131072 /prefetch:2
      [2] C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2132)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1744,i,12731372538444153850,5174967964401839147,131072 /prefetch:8
      [2] C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4768)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1744,i,12731372538444153850,5174967964401839147,131072 /prefetch:8
      [2] C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1916)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1744,i,12731372538444153850,5174967964401839147,131072 /prefetch:1
      [2] C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3376)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1744,i,12731372538444153850,5174967964401839147,131072 /prefetch:1
      [2] C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2564)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1744,i,12731372538444153850,5174967964401839147,131072 /prefetch:8
      [2] C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1268)
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1744,i,12731372538444153850,5174967964401839147,131072 /prefetch:8
  [1] C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 4780)
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads
  Filesize: 4KB
  Filesize: 142KB