Analysis

max time kernel:   1799s
max time network:  1689s
platform:          windows10-2004_x64
resource:          win10v2004-20230220-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted:         18/05/2023, 17:42
Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1
  Sample:    https://shardeum.bridge-claims.live/
  Resource:  win10-20230220-en
Behavioral task:  behavioral2
  Sample:    https://shardeum.bridge-claims.live/
  Resource:  win7-20230220-en
Behavioral task:  behavioral3
  Sample:    https://shardeum.bridge-claims.live/
  Resource:  win10v2004-20230220-en
General

Target: https://shardeum.bridge-claims.live/

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description       ioc                                                                                                      Process
  Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    chrome.exe
  Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289125815912056"  chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  3216  chrome.exe
  3216  chrome.exe
  1852  chrome.exe
  1852  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  3216  chrome.exe
  3216  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

chrome.exe (PID 3216)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://shardeum.bridge-claims.live/
  Signatures:
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  chrome.exe (PID 4524)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea3ce9758,0x7ffea3ce9768,0x7ffea3ce9778

  chrome.exe (PID 3120)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1836,i,15693061336604355562,4377549929733300681,131072 /prefetch:2

  chrome.exe (PID 1252)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1836,i,15693061336604355562,4377549929733300681,131072 /prefetch:8

  chrome.exe (PID 4280)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1836,i,15693061336604355562,4377549929733300681,131072 /prefetch:8

  chrome.exe (PID 3700)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1836,i,15693061336604355562,4377549929733300681,131072 /prefetch:1

  chrome.exe (PID 4668)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1836,i,15693061336604355562,4377549929733300681,131072 /prefetch:1

  chrome.exe (PID 3100)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5252 --field-trial-handle=1836,i,15693061336604355562,4377549929733300681,131072 /prefetch:8

  chrome.exe (PID 2408)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1836,i,15693061336604355562,4377549929733300681,131072 /prefetch:8

  chrome.exe (PID 1940)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1836,i,15693061336604355562,4377549929733300681,131072 /prefetch:8

  chrome.exe (PID 1852)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1836,i,15693061336604355562,4377549929733300681,131072 /prefetch:2
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

elevation_service.exe (PID 1664)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads