Analysis
- max time kernel: 40s
- max time network: 42s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17/05/2023, 05:56
Static task: static1
Behavioral task: behavioral1
Sample: T72ZFU.html
Resource: win10v2004-20230220-en
General
- Target: T72ZFU.html
- Size: 16KB
- MD5: ffd552b0029f1f0260f47afc974b5dac
- SHA1: a7b75ec13b84846b7b3c02c1d2e8fe6e37c09b34
- SHA256: 014898bd15c7d271b62c610b72fae95fdd9f3435f1b74bf2c4eb1cdf6832ad23
- SHA512: 861eb4027f68a6458a6893e9c0eff436a85d055bcbd85038142fa6f3d154cdddddf5a1baefdfa2482d72fe9fba7aa2d874eb414c3397d473716e9370e929ec61
- SSDEEP: 192:9X0P7dYhs9jx9XeKo064Mj8I4DWk3z3LnQkp2NamgRFMhgld/G/tLanlQgcWsmzX:Z039i064Mj8I4XzdZd+Ba6in
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                      Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                   chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133287838186486825"  chrome.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  1392  chrome.exe
  1392  chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  1392  chrome.exe
  1392  chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   Process
  Token: SeShutdownPrivilege        1392  chrome.exe
  Token: SeCreatePagefilePrivilege  1392  chrome.exe
  (these two rows alternate for all 64 entries, every one for PID 1392 chrome.exe)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  1392  chrome.exe
  (26 identical rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  1392  chrome.exe
  (24 identical rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 1392 wrote to memory of 3176  1392  chrome.exe  83
  PID 1392 wrote to memory of 2804  1392  chrome.exe  84
  PID 1392 wrote to memory of 3880  1392  chrome.exe  85
  PID 1392 wrote to memory of 636   1392  chrome.exe  86
  (64 rows in total: the rows for targets 3176 and 3880 appear twice each; the rows for targets 2804 and 636 are repeated many times)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1392)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\T72ZFU.html
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3176)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa91569758,0x7ffa91569768,0x7ffa91569778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2804)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1780,i,16440238113241019345,10853503133254993935,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3880)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1780,i,16440238113241019345,10853503133254993935,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 636)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1780,i,16440238113241019345,10853503133254993935,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4204)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1780,i,16440238113241019345,10853503133254993935,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2104)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1780,i,16440238113241019345,10853503133254993935,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3376)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1780,i,16440238113241019345,10853503133254993935,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4796)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1780,i,16440238113241019345,10853503133254993935,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 3892)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 4KB
  MD5: c4690938b91c1348c7ecbffb7ca8ce31
  SHA1: 1748e59ee035d667851a296ead3943132e775e84
  SHA256: 636e09054230a75c1dd842f9d0c736912229e4156a64652d72f8dd838e1d18eb
  SHA512: 70fdab2362630536b62111a301ab46c94b1f27e314a402d602644ec84d3b2621bd919ef6ab16390312e432550a6a972a31d69f5d11a64159e05769cca220bc43
- Filesize: 150KB
  MD5: 5b043af48ab3b50e339c085077e3c6ba
  SHA1: 3d445e150f8fc9c5c15b9783be1298a08983a55e
  SHA256: 1a3ba195667c75382588ddfe817176e83388519595d9f07b492c47c9c4367ec9
  SHA512: fa6d0e1ce4b347a5275bc71488b41d82effca5f2feee7c9819464b7c9e9cf9ab98cec0ec40ab8d897d026aa749a6bc387044235b28b37f0c9d67c6e2efa7f77b