Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-1703_x64
resource: win10-20230220-en
resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
submitted: 25/04/2023, 17:37
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://csurgeries.com/
Resource: win10-20230220-en
General
Target: https://csurgeries.com/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133269178654332513" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
1232 | chrome.exe
1232 | chrome.exe
4868 | chrome.exe
4868 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: 33 | 3908 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 3908 | AUDIODG.EXE
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Token: SeShutdownPrivilege | 1232 | chrome.exe
Token: SeCreatePagefilePrivilege | 1232 | chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
1232 | chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 1232 wrote to memory of 1316 | 1232 | chrome.exe | 66
PID 1232 wrote to memory of 1316 | 1232 | chrome.exe | 66
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 4072 | 1232 | chrome.exe | 69
PID 1232 wrote to memory of 3596 | 1232 | chrome.exe | 68
PID 1232 wrote to memory of 3596 | 1232 | chrome.exe | 68
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
PID 1232 wrote to memory of 4148 | 1232 | chrome.exe | 70
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://csurgeries.com/
PID: 1232
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  (child of PID 1232) C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff833719758,0x7ff833719768,0x7ff833719778
  PID: 1316

  (child of PID 1232) C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1736,i,404220206863354699,15562606104895749766,131072 /prefetch:8
  PID: 3596

  (child of PID 1232) C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1736,i,404220206863354699,15562606104895749766,131072 /prefetch:2
  PID: 4072

  (child of PID 1232) C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1736,i,404220206863354699,15562606104895749766,131072 /prefetch:8
  PID: 4148

  (child of PID 1232) C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1736,i,404220206863354699,15562606104895749766,131072 /prefetch:1
  PID: 3724

  (child of PID 1232) C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1736,i,404220206863354699,15562606104895749766,131072 /prefetch:1
  PID: 1328

  (child of PID 1232) C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4948 --field-trial-handle=1736,i,404220206863354699,15562606104895749766,131072 /prefetch:1
  PID: 2232

  (child of PID 1232) C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5164 --field-trial-handle=1736,i,404220206863354699,15562606104895749766,131072 /prefetch:8
  PID: 2956

  (child of PID 1232) C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=1736,i,404220206863354699,15562606104895749766,131072 /prefetch:8
  PID: 4400

  (child of PID 1232) C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1736,i,404220206863354699,15562606104895749766,131072 /prefetch:8
  PID: 3868

  (child of PID 1232) C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=848 --field-trial-handle=1736,i,404220206863354699,15562606104895749766,131072 /prefetch:2
  PID: 4868
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID: 2784

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x39c
PID: 3908
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Downloads