Analysis
- max time kernel: 59s
- max time network: 60s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/04/2023, 23:12
Static task: static1
Behavioral task: behavioral1
- Sample: Mailbox..html
- Resource: win10v2004-20230220-en
General
- Target: Mailbox..html
- Size: 4KB
- MD5: b47007ab8acd286f056b03a9fe942147
- SHA1: 23a73c944146db67fde77e0436173b4ca1b226e8
- SHA256: 63af8ce942c2253a75d6ff21776131c1373e79f52e0c5832e2f94b1e504749dc
- SHA512: 80a151f4d5aa40ba0c9ba385481e2adc7c1209bf6f4713461a56f2abda1f7ac8a93cae5daa5b93cfbac454c45e13e321e82ba9de6326bd713c8ec240642bab4d
- SSDEEP: 96:tBRzXGGgG2F850fVpwXFy1mfJd4kEt660FLBWJPS8:tLzgG2F850fk0sPkF3
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | process
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133264268902575667" | chrome.exe
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | process
  224 | chrome.exe (2 events)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | process
  224 | chrome.exe (2 events)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | process
  Token: SeShutdownPrivilege | 224 | chrome.exe (32 events)
  Token: SeCreatePagefilePrivilege | 224 | chrome.exe (32 events)
  The 64 events alternate strictly between the two tokens; all come from PID 224.
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | process
  224 | chrome.exe (26 events)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | process
  224 | chrome.exe (24 events)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | process | procid_target
  PID 224 wrote to memory of 1088 | 224 | chrome.exe | 83
  PID 224 wrote to memory of 2456 | 224 | chrome.exe | 84
  PID 224 wrote to memory of 2172 | 224 | chrome.exe | 85
  PID 224 wrote to memory of 2860 | 224 | chrome.exe | 86
  64 events in total; 1088 and 2172 are each written twice, the remaining events are repeated writes to 2456 and 2860.

All of the signatures above fire on chrome.exe, the browser the sandbox used to open the HTML sample, and the WriteProcessMemory targets (PIDs 1088, 2456, 2172 and 2860) are Chrome's own child processes in the process tree below. Nothing in this report attributes these behaviours to a process other than the browser itself.
Processes
- chrome.exe (PID 224), browser process that opens the sample
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\Mailbox..html
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children of PID 224:
  - chrome.exe (PID 1088), crashpad handler
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff9d90d9758,0x7ff9d90d9768,0x7ff9d90d9778
  - chrome.exe (PID 2456), GPU process
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1808,i,16843602459933576483,9589663354975709949,131072 /prefetch:2
  - chrome.exe (PID 2172), network service utility, --service-sandbox-type=none
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1808,i,16843602459933576483,9589663354975709949,131072 /prefetch:8
  - chrome.exe (PID 2860), storage service utility, --service-sandbox-type=utility
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1256 --field-trial-handle=1808,i,16843602459933576483,9589663354975709949,131072 /prefetch:8
  - chrome.exe (PID 4968), renderer (client id 5)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1808,i,16843602459933576483,9589663354975709949,131072 /prefetch:1
  - chrome.exe (PID 4268), renderer (client id 6, first renderer process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1808,i,16843602459933576483,9589663354975709949,131072 /prefetch:1
  - chrome.exe (PID 4788), ProcessorMetrics utility, --service-sandbox-type=none
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1808,i,16843602459933576483,9589663354975709949,131072 /prefetch:8
  - chrome.exe (PID 3180), UtilWin utility, --service-sandbox-type=none
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1808,i,16843602459933576483,9589663354975709949,131072 /prefetch:8
- elevation_service.exe (PID 2060), top-level process
  Path: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
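The WriteProcessMemory rows and the process tree above are enough to check mechanically whether the memory writes stay inside Chrome's own parent/child relation, and which child processes were launched with no service sandbox. The Python below is an added example written for this page, not Triage's code: the process list and signature rows are a constructed subset copied from the report, and the rule it applies (a write by a parent into a child of the same image is treated as ordinary child start-up, anything else is flagged) is an assumption about how to triage this signature, not something the report states.

```python
import re
from collections import Counter

# Constructed from the Processes section of the report: (depth, pid, image, command-line fragment).
# Depth 1 = top-level process, depth 2 = child of the nearest preceding depth-1 process.
# Only the switches this check needs are kept; the full command lines are in the report.
PROCESS_TREE = [
    (1, 224,  "chrome.exe", "C:\\Users\\Admin\\AppData\\Local\\Temp\\Mailbox..html"),
    (2, 1088, "chrome.exe", "--type=crashpad-handler"),
    (2, 2456, "chrome.exe", "--type=gpu-process"),
    (2, 2172, "chrome.exe", "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (2, 2860, "chrome.exe", "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (2, 4968, "chrome.exe", "--type=renderer --renderer-client-id=5"),
    (2, 4268, "chrome.exe", "--type=renderer --first-renderer-process --renderer-client-id=6"),
    (2, 4788, "chrome.exe", "--type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none"),
    (2, 3180, "chrome.exe", "--type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    (1, 2060, "elevation_service.exe", ""),
]

# WriteProcessMemory rows in the flattened form Triage prints them (constructed
# subset of the 64 rows in the report: one row per distinct target is enough here).
WPM_ROWS = (
    "PID 224 wrote to memory of 1088 224 chrome.exe 83 "
    "PID 224 wrote to memory of 2456 224 chrome.exe 84 "
    "PID 224 wrote to memory of 2172 224 chrome.exe 85 "
    "PID 224 wrote to memory of 2860 224 chrome.exe 86 "
)

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parent_map(tree):
    """Map each PID to its parent PID (None for a top-level process) from the depth markers."""
    parents, stack = {}, []
    for depth, pid, _image, _cmd in tree:
        del stack[depth - 1:]            # drop everything deeper than this entry's parent
        parents[pid] = stack[-1] if stack else None
        stack.append(pid)
    return parents


def parse_wpm(text):
    """Return (writer_pid, target_pid, writer_image) for every row in the signature text."""
    return [(int(w), int(t), img) for w, t, _w2, img, _idx in WPM_RE.findall(text)]


def classify_writes(tree, rows):
    """Split WriteProcessMemory events into writes by a parent into its own child of the
    same image (assumed here to be ordinary child start-up for a browser broker) and
    everything else, which is the set worth a manual look."""
    parents = parent_map(tree)
    images = {pid: image for _d, pid, image, _c in tree}
    expected, other = Counter(), []
    for writer, target, _img in parse_wpm(rows):
        if parents.get(target) == writer and images.get(target) == images.get(writer):
            expected[(writer, target)] += 1
        else:
            other.append((writer, target))
    return expected, other


def sandbox_types(tree):
    """Per PID, the value of --service-sandbox-type when the switch is present."""
    out = {}
    for _d, pid, _image, cmd in tree:
        m = re.search(r"--service-sandbox-type=(\S+)", cmd)
        if m:
            out[pid] = m.group(1)
    return out


def unsandboxed(tree):
    """PIDs launched with an explicit --service-sandbox-type=none."""
    return sorted(pid for pid, kind in sandbox_types(tree).items() if kind == "none")


if __name__ == "__main__":
    expected, other = classify_writes(PROCESS_TREE, WPM_ROWS)
    print("parent->child writes:", dict(expected))
    print("writes outside the parent/child relation:", other)
    print("children with --service-sandbox-type=none:", unsandboxed(PROCESS_TREE))
```

Any tuple in the second list returned by classify_writes() is a write into a process that is not the writer's own child of the same image; for this report that list is empty, while a row such as a write from 224 into the separate top-level elevation_service.exe (PID 2060) would be flagged. unsandboxed() lists the three utility processes (NetworkService, ProcessorMetrics, UtilWin) that the command lines show running with --service-sandbox-type=none, which is the detail to keep in mind when judging what a compromise of each child would reach.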
Network
MITRE ATT&CK Enterprise v6
Downloads
- File 1
  Filesize: 4KB
  MD5: 56e26e0303aed0e4aeb871b59440ce01
  SHA1: 8b8297f6cb3084af1c47186fd6d0823431c83c4b
  SHA256: 961037a802d2ed21f34e89f0d1ce5420dee6f6ce33ee3f222e28e4487dbf35c4
  SHA512: c07f0b88a4195c19bee598788036b326382762e9214abd59984243cd1437713c3f7feca5da4d457e8327e0c76901de4874d2f24cbeb5e633d9dd5f886b879094
- File 2
  Filesize: 4KB
  MD5: 867a6850378f9baaa349a53e6921294d
  SHA1: c3ef4d42222c74dd8585afa6ee7e6c2ff88b18bc
  SHA256: 05eb9571aecb09729d7fa9048cc61af3bb43f0ec279f94996738cf5d13475e1c
  SHA512: dab62c27ed6cc09b4b0f7526ca760f38b37245f391b134c022426ebf0ab9861173fe6f07068137d3da8de3e018e3fb08eb175ec12fe9a022dd76ce2474216fc8
- File 3
  Filesize: 200KB
  MD5: 88080bcb1388d49bd04926f65c945718
  SHA1: 24b54de8e71bbd841dd0a8759da9e368248d7fda
  SHA256: fa0a2cfa0c5b356924455804899bebdf5320ad48212b1f461f25a341fcf1c366
  SHA512: 8b6d036933dc1b4e45578e3e6744e403f5421b8f057febc0970477a233a83a2de173aa621d2c542e68d1af253d184522da18c1cb28dc0ff60d68f7769b91e5f7