Analysis
max time kernel: 49s
max time network: 49s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/03/2023, 09:18
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://jci213.lt.acemlnb.com/Prod/link-tracker?redirectUrl=aHR0cCUzQSUyRiUyRmlucXVhdGFuZ2hhbm9pLmNvbSUyRm9v&sig=7yfQNahaDznaWe9igFbaCyjcfLhjN9KPLLLWLxZE536g&iat=1679446260&a=%7C%7C68527412%7C%7C&account=jci213%2Eactivehosted%2Ecom&email=9zDbwpGMFGaOcEwKbPMx44dtwNyPTeVUww4uSSsqyRHkReemaSeSAtv2%2Fg%3D%3D%3Auoz8HozbbAZUQ1jsjvuvbmowiwuelJ9M&s=768943f282bd428eb8f717b9a25a8b2e&i=127A180A9A516
Resource: win10v2004-20230220-en

General
Target: https://jci213.lt.acemlnb.com/Prod/link-tracker?redirectUrl=aHR0cCUzQSUyRiUyRmlucXVhdGFuZ2hhbm9pLmNvbSUyRm9v&sig=7yfQNahaDznaWe9igFbaCyjcfLhjN9KPLLLWLxZE536g&iat=1679446260&a=%7C%7C68527412%7C%7C&account=jci213%2Eactivehosted%2Ecom&email=9zDbwpGMFGaOcEwKbPMx44dtwNyPTeVUww4uSSsqyRHkReemaSeSAtv2%2Fg%3D%3D%3Auoz8HozbbAZUQ1jsjvuvbmowiwuelJ9M&s=768943f282bd428eb8f717b9a25a8b2e&i=127A180A9A516
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239503244439044" | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
1544 | chrome.exe (both IoCs)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid | Process
1544 | chrome.exe (all 4 IoCs)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 1544 | chrome.exe
Token: SeCreatePagefilePrivilege | 1544 | chrome.exe
The two rows above alternate for all 64 IoCs; every entry comes from PID 1544 chrome.exe.

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
1544 | chrome.exe (all 26 IoCs)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
1544 | chrome.exe (all 24 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 1544 wrote to memory of 3268 | 1544 | chrome.exe | 88
PID 1544 wrote to memory of 2036 | 1544 | chrome.exe | 89
PID 1544 wrote to memory of 3004 | 1544 | chrome.exe | 90
PID 1544 wrote to memory of 2092 | 1544 | chrome.exe | 91
64 IoCs in total, all from PID 1544 chrome.exe: the rows for targets 3268 and 3004 each appear twice; the remaining entries are repeated writes to targets 2036 and 2092 (the GPU and StorageService child processes).
Processes

chrome.exe (PID 1544)
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://jci213.lt.acemlnb.com/Prod/link-tracker?redirectUrl=aHR0cCUzQSUyRiUyRmlucXVhdGFuZ2hhbm9pLmNvbSUyRm9v&sig=7yfQNahaDznaWe9igFbaCyjcfLhjN9KPLLLWLxZE536g&iat=1679446260&a=%7C%7C68527412%7C%7C&account=jci213%2Eactivehosted%2Ecom&email=9zDbwpGMFGaOcEwKbPMx44dtwNyPTeVUww4uSSsqyRHkReemaSeSAtv2%2Fg%3D%3D%3Auoz8HozbbAZUQ1jsjvuvbmowiwuelJ9M&s=768943f282bd428eb8f717b9a25a8b2e&i=127A180A9A516
Signatures triggered by this process:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
Child processes of PID 1544:

  chrome.exe (PID 3268, crashpad handler)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffec4309758,0x7ffec4309768,0x7ffec4309778

  chrome.exe (PID 2036, GPU process)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1788,i,11534490068572346101,14776967195449766010,131072 /prefetch:2

  chrome.exe (PID 3004, network service)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1788,i,11534490068572346101,14776967195449766010,131072 /prefetch:8

  chrome.exe (PID 2092, storage service)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1788,i,11534490068572346101,14776967195449766010,131072 /prefetch:8

  chrome.exe (PID 4456, renderer)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1788,i,11534490068572346101,14776967195449766010,131072 /prefetch:1

  chrome.exe (PID 4388, renderer)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1788,i,11534490068572346101,14776967195449766010,131072 /prefetch:1

  chrome.exe (PID 4768, renderer)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4788 --field-trial-handle=1788,i,11534490068572346101,14776967195449766010,131072 /prefetch:1

  chrome.exe (PID 4900, extension renderer)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4968 --field-trial-handle=1788,i,11534490068572346101,14776967195449766010,131072 /prefetch:1

  chrome.exe (PID 1960, ProcessorMetrics utility)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1788,i,11534490068572346101,14776967195449766010,131072 /prefetch:8

  chrome.exe (PID 4584, UtilWin utility)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1788,i,11534490068572346101,14776967195449766010,131072 /prefetch:8

elevation_service.exe (PID 3800)
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads