Analysis
  max time kernel:   150s
  max time network:  148s
  platform:          windows10-1703_x64
  resource:          win10-20230220-en
  resource tags:     arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  submitted:         21/03/2023, 11:09
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample:   https://pdfhost.io/v/kk4K.jSdN_Facture_56185
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample:   https://pdfhost.io/v/kk4K.jSdN_Facture_56185
  Resource: win10-20230220-en
General
  Target: https://pdfhost.io/v/kk4K.jSdN_Facture_56185
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                      Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133238705986775551"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  1596  chrome.exe  (2 entries)
  212   chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid   Process
  1596  chrome.exe  (5 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   Process
  Token: SeShutdownPrivilege        1596  chrome.exe
  Token: SeCreatePagefilePrivilege  1596  chrome.exe
  (the two tokens alternate; 64 entries in total, all from PID 1596)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  1596  chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  1596  chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 1596 wrote to memory of 3520  1596  chrome.exe  66
  PID 1596 wrote to memory of 4784  1596  chrome.exe  70
  PID 1596 wrote to memory of 3088  1596  chrome.exe  69
  PID 1596 wrote to memory of 4156  1596  chrome.exe  68
  (each row repeats; 64 entries in total, all from PID 1596 into processes that appear as its children in the process tree below)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1596)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://pdfhost.io/v/kk4K.jSdN_Facture_56185
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3520)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff1fcc9758,0x7fff1fcc9768,0x7fff1fcc9778

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4156)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1960 --field-trial-handle=1756,i,14064585490748548930,13051692735212031422,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3088)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=1756,i,14064585490748548930,13051692735212031422,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4784)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1756,i,14064585490748548930,13051692735212031422,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4868)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1756,i,14064585490748548930,13051692735212031422,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4848)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1756,i,14064585490748548930,13051692735212031422,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4900)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4956 --field-trial-handle=1756,i,14064585490748548930,13051692735212031422,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4904)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4488 --field-trial-handle=1756,i,14064585490748548930,13051692735212031422,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4924)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5052 --field-trial-handle=1756,i,14064585490748548930,13051692735212031422,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4432)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1756,i,14064585490748548930,13051692735212031422,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1084)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=1756,i,14064585490748548930,13051692735212031422,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 212)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5452 --field-trial-handle=1756,i,14064585490748548930,13051692735212031422,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 4816)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
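Every signature in this report fires on chrome.exe itself, and every WriteProcessMemory target is a PID that appears as a child of the browser process (3520 crashpad handler, 4784 GPU, 3088 network service, 4156 storage utility). The script below is an added example, not tria.ge's own detection logic: it parses the command lines from the Processes section and the WriteProcessMemory IoC rows (both copied in as constructed sample data, trimmed to the switches it reads), lists the Chrome children by --type and sub-type, flags the ones that run with --service-sandbox-type=none or --disable-gpu-sandbox, and checks whether the browser process wrote into any PID that is not part of its own tree. The PIDs, paths and switch values are the report's; the parsing rules and the "foreign target" heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Constructed from this report's Processes section: PID -> command line, trimmed to
# the switches the heuristic reads. Paths and switch values are the report's own.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"


def chrome(args):
    return f'"{CHROME}" {args}'


PROCESSES = {
    1596: chrome("\"--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'\" "
                 "https://pdfhost.io/v/kk4K.jSdN_Facture_56185"),
    3520: chrome("--type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    4156: chrome("--type=utility --utility-sub-type=storage.mojom.StorageService "
                 "--service-sandbox-type=utility"),
    3088: chrome("--type=utility --utility-sub-type=network.mojom.NetworkService "
                 "--service-sandbox-type=none"),
    4784: chrome("--type=gpu-process"),
    4868: chrome("--type=renderer --first-renderer-process --renderer-client-id=6"),
    4432: chrome("--type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics "
                 "--service-sandbox-type=none"),
    1084: chrome("--type=utility --utility-sub-type=chrome.mojom.UtilWin "
                 "--service-sandbox-type=none"),
    212: chrome("--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    4816: r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"',
}

# Constructed from the "Suspicious use of WriteProcessMemory" IoCs, one line per entry
# (the report repeats each row many times; a few rows are enough to exercise the parser).
WRITE_IOCS = """
PID 1596 wrote to memory of 3520 1596 chrome.exe 66
PID 1596 wrote to memory of 4784 1596 chrome.exe 70
PID 1596 wrote to memory of 4784 1596 chrome.exe 70
PID 1596 wrote to memory of 3088 1596 chrome.exe 69
PID 1596 wrote to memory of 4156 1596 chrome.exe 68
""".strip().splitlines()

SWITCH = re.compile(r"--(type|utility-sub-type|service-sandbox-type)=(\S+)")
WRITE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def parse_cmdline(cmdline):
    """Pull the image name and the Chrome process-model switches out of one command line."""
    image = cmdline.split('"')[1] if cmdline.startswith('"') else cmdline.split()[0]
    fields = {"image": image.rsplit("\\", 1)[-1].lower(), "type": "main"}
    fields.update(dict(SWITCH.findall(cmdline)))
    # In this report the network service runs with --service-sandbox-type=none and the
    # second GPU process with --disable-gpu-sandbox; both deserve a second look.
    if "--disable-gpu-sandbox" in cmdline:
        fields["sandbox"] = "disabled"
    else:
        fields["sandbox"] = fields.get("service-sandbox-type")
    return fields


def parse_writes(lines):
    """Count (source pid, target pid) pairs in WriteProcessMemory IoC lines."""
    pairs = []
    for line in lines:
        m = WRITE.search(line)
        if m:
            pairs.append((int(m.group(1)), int(m.group(2))))
    return Counter(pairs)


def triage(processes, write_lines):
    procs = {pid: parse_cmdline(cmd) for pid, cmd in processes.items()}
    writes = parse_writes(write_lines)
    browsers = sorted(p for p, f in procs.items()
                      if f["image"] == "chrome.exe" and f["type"] == "main")
    # A browser process writing into a PID that is not in its own tree is the case that
    # would justify reading this signature as injection rather than child-process setup.
    foreign = sorted({dst for (src, dst) in writes if src in browsers and dst not in procs})
    return {
        "browsers": browsers,
        "write_targets": sorted({dst for _, dst in writes}),
        "foreign_targets": foreign,
        "unsandboxed": sorted(p for p, f in procs.items() if f["sandbox"] in ("none", "disabled")),
        "children": {p: f"{f['type']}/{f.get('utility-sub-type', '-')}"
                     for p, f in procs.items() if f["type"] != "main"},
    }


if __name__ == "__main__":
    for key, value in triage(PROCESSES, WRITE_IOCS).items():
        print(f"{key}: {value}")
```

Run against the rows above, the result lists 1596 as the only browser process, four write targets that are all in the tree, no foreign targets, and PIDs 212, 1084, 3088 and 4432 as the processes running without a service sandbox. That is consistent with the Chrome browser process setting up its own helper processes rather than writing into some other program, and it is the check to make before treating "Suspicious use of WriteProcessMemory" on a browser as an injection finding. It says nothing about whether the page at the submitted URL is malicious; a phishing page that only renders HTML leaves exactly this kind of tree.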
Network
MITRE ATT&CK Enterprise v6
Downloads

Filesize: 312B
  MD5:    7971a0ad1c0b453b5f2450c0479079a1
  SHA1:   49c90cb0bb2f2133c371caf3f279cafdc6f4c566
  SHA256: 51bb3965c0e13ef557e4098aa2686c732e9988b42b7af7c13b675520e294ee8b
  SHA512: 0f11fb828747a4ebc238c05120f6f059a2a178f6d4eefd168ba02e917eb2296003fb25581fa17d7a2f04c3c1da173a6946bbd646bba9b8901395ebd08c49cbc6

Filesize: 1KB
  MD5:    8f18ca3f1f3eba51ebdb5de7c431fbb1
  SHA1:   daf300beb2afbc6533743342386c80c7201a6a3a
  SHA256: 7a60aec75f8de6d6f53a50af79cce344717ba54c859fb48175d53d9941c33edc
  SHA512: ddd351e40466c9122ac9993b43e0e78c7f7106c12fe3bc2adf320fa237a581834340a1b90844bd03d068c85896a0e7f78ae66ebe8fef0301bbf57c1f40bcc720

Filesize: 2KB
  MD5:    8fc243f3fe9eb2c26f200ac751e7e3ce
  SHA1:   13bf31d00815dc4575d953d2019a65961c586285
  SHA256: ded0d8679706e1f310cb492d5b1cef462a0f6ece5c5b4ddf5283b773c35830e9
  SHA512: bc9d6e6ee6ee64ac9022fe09e066cf77eaccaf9ff807bbbbfa87d53e337b20b1cee3937ca8540aa57ccbb5f248e41f8dfc1318621591c7a0c472cefc79e3683d

Filesize: 1KB
  MD5:    190a1335f5aba325f7baf1e42b84d60b
  SHA1:   8b3982141ac9e2963ac1799ab5e16f48a6959f6e
  SHA256: 0511e49f6256dfee24d80b698a8eadb2e4b77f1567fa943f344ca80c0fd38c38
  SHA512: c258d708e3a8d4436b218770d6f93ba9e50fe23a1f540886dd04c48b16e5f6ee32e33304b1a6437c651da3aa4b9f2e4eebb4b690038ea68cb06aa447af0add2b

Filesize: 5KB
  MD5:    695a214496abbdd654850c0945766b3c
  SHA1:   d59e34b56a9cb436351fedf4f8d4d4e0fca0fe60
  SHA256: 783ccec889bfbb60a3a640b29d7c94b05f9929e54d9920543eccdd9210ef5e15
  SHA512: 3255f6596aa4dcf003a81a4604cb8879e59f9ae0609ee9520bc9566f8a39162cbf76b5aaff6e09a38dc999279e98e16bffbee0de63708bf39d7fe780e784ac43

Filesize: 5KB
  MD5:    de58b76f918a09af5437a759a8ea9c3b
  SHA1:   dc33bdd838199db685d4df022e5e3af686fd44f6
  SHA256: 17508a59a460841433fe90153f9681934ba49b8400b8e2154f100e931d4f3eca
  SHA512: fb944df0db955caa424cc4bac65a1a127928a0da766a3d339ae79a4d519d5e2386c89fcde666df8e672bf6d187052627d782e6aa8a3686927b775bf0177fefdb

Filesize: 5KB
  MD5:    8133c3616550c9614214c79e4c5b10c1
  SHA1:   5f251426eed9366dd588c912cb09907ced92bc15
  SHA256: 64b7316d0cdbd89232812161d09dbcfda709ed24b3c4aa00c698635eaf36035f
  SHA512: 6ce03bcbee5d478de61653d7c9be10a261522adfe6b6bce64dc1abfa00ad1aff5b70afc6cacb696f6d8ac7d3d2ffaf2e1076335e201e8c932fd41fefe419d42c

Filesize: 144KB
  MD5:    322e2e2c16979f8b098fd32a7e8a7b1f
  SHA1:   0a98ed6e2d1b0219a169afa09bf4ba4d2668ebb6
  SHA256: f92f39f2338e20c9f9a209eba8e3df7936ec8a30171fa0ea74a903f1252569dc
  SHA512: 6139e9daf8c0156024a8eaff4b43a151140b1fc5ac08d207b157e9c25bfbc8ad77c694981321412b91de8e5802ba29645e2780c363d9f4dbeff7fd1d37dd95a9

Filesize: 2B  (these are the MD5 and SHA1 of the two-byte string "{}", i.e. an empty JSON object)
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd