Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/05/2023, 07:09
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://bs.serving-sys.com/Serving/adServer.bs?cn=brd&PluID=0&Pos=20&EyeblasterID=1086486580&clk=1&ctick=00484900&rtu=http%3A%2F%2F66lalj.gcnah.iepsantalucia.edu.pe%2FbGVlX2JveWRAYmlvLXJhZC5jb20=
Resource: win10v2004-20230220-en
General
Target: https://bs.serving-sys.com/Serving/adServer.bs?cn=brd&PluID=0&Pos=20&EyeblasterID=1086486580&clk=1&ctick=00484900&rtu=http%3A%2F%2F66lalj.gcnah.iepsantalucia.edu.pe%2FbGVlX2JveWRAYmlvLXJhZC5jb20=
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                              Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                            chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133275714136388524"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  2952  chrome.exe
  2952  chrome.exe
  896   chrome.exe
  896   chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  2952  chrome.exe  (6 identical rows)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   Process
  Token: SeShutdownPrivilege        2952  chrome.exe  (32 rows)
  Token: SeCreatePagefilePrivilege  2952  chrome.exe  (32 rows)
  The rows alternate between the two privileges throughout the list.

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  2952  chrome.exe  (26 identical rows)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2952  chrome.exe  (24 identical rows)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 2952 wrote to memory of 3244  2952  chrome.exe  85  (2 rows)
  PID 2952 wrote to memory of 2140  2952  chrome.exe  86  (38 rows)
  PID 2952 wrote to memory of 1248  2952  chrome.exe  87  (2 rows)
  PID 2952 wrote to memory of 624   2952  chrome.exe  88  (22 rows)
Processes

[depth 1] C:\Program Files\Google\Chrome\Application\chrome.exe, PID 2952
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://bs.serving-sys.com/Serving/adServer.bs?cn=brd&PluID=0&Pos=20&EyeblasterID=1086486580&clk=1&ctick=00484900&rtu=http%3A%2F%2F66lalj.gcnah.iepsantalucia.edu.pe%2FbGVlX2JveWRAYmlvLXJhZC5jb20=
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe, PID 3244
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff85c8d9758,0x7ff85c8d9768,0x7ff85c8d9778

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe, PID 2140
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1820,i,9546119822188049557,15320924940840478968,131072 /prefetch:2

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe, PID 1248
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1820,i,9546119822188049557,15320924940840478968,131072 /prefetch:8

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe, PID 624
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1820,i,9546119822188049557,15320924940840478968,131072 /prefetch:8

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe, PID 1776
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1820,i,9546119822188049557,15320924940840478968,131072 /prefetch:1

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe, PID 2464
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1820,i,9546119822188049557,15320924940840478968,131072 /prefetch:1

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe, PID 896
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1820,i,9546119822188049557,15320924940840478968,131072 /prefetch:1

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe, PID 1612
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4828 --field-trial-handle=1820,i,9546119822188049557,15320924940840478968,131072 /prefetch:1

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe, PID 4456
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5020 --field-trial-handle=1820,i,9546119822188049557,15320924940840478968,131072 /prefetch:1

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe, PID 2544
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3748 --field-trial-handle=1820,i,9546119822188049557,15320924940840478968,131072 /prefetch:1

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe, PID 2336
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1820,i,9546119822188049557,15320924940840478968,131072 /prefetch:8

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe, PID 1720
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3100 --field-trial-handle=1820,i,9546119822188049557,15320924940840478968,131072 /prefetch:8

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe, PID 896
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1820,i,9546119822188049557,15320924940840478968,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

[depth 1] C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe, PID 4980
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads