Analysis
max time kernel: 43s
max time network: 44s
platform: windows10-1703_x64
resource: win10-20230220-en
resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
submitted: 23/03/2023, 15:35

Tasks
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://wcomsq234s640618a09355e.tanmah.ru
Resource: win10-20230220-en

General
Target: http://wcomsq234s640618a09355e.tanmah.ru

Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                        Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                         chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName       chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer      chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description       ioc                                                                                                    Process
Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe
Set value (int)   \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240629727322980"   chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid     Process
3476    chrome.exe
3476    chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid     Process
3476    chrome.exe
3476    chrome.exe
3476    chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://wcomsq234s640618a09355e.tanmah.ru
  PID: 3476
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc3d119758,0x7ffc3d119768,0x7ffc3d119778
      PID: 1008

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1768,i,1472654684844904638,8138356291679975402,131072 /prefetch:8
      PID: 1532

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1768,i,1472654684844904638,8138356291679975402,131072 /prefetch:2
      PID: 1552

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2000 --field-trial-handle=1768,i,1472654684844904638,8138356291679975402,131072 /prefetch:8
      PID: 2252

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2776 --field-trial-handle=1768,i,1472654684844904638,8138356291679975402,131072 /prefetch:1
      PID: 1228

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2752 --field-trial-handle=1768,i,1472654684844904638,8138356291679975402,131072 /prefetch:1
      PID: 1120

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1768,i,1472654684844904638,8138356291679975402,131072 /prefetch:1
      PID: 3612

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1768,i,1472654684844904638,8138356291679975402,131072 /prefetch:8
      PID: 4376

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1768,i,1472654684844904638,8138356291679975402,131072 /prefetch:8
      PID: 4988

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1768,i,1472654684844904638,8138356291679975402,131072 /prefetch:8
      PID: 4072

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=1768,i,1472654684844904638,8138356291679975402,131072 /prefetch:8
      PID: 3124

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 4732
Network
MITRE ATT&CK Enterprise v6
Downloads