Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel:   60s
  max time network:  61s
  platform:          windows10-2004_x64
  resource:          win10v2004-20230220-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         19/05/2023, 06:45
Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1
  Sample:    https://sites.abb.com/sites/Pricelistsandquotationtemplates-confidential/_layouts/15/mypermissions.aspx
  Resource:  win10v2004-20230220-en
General
  Target:  https://sites.abb.com/sites/Pricelistsandquotationtemplates-confidential/_layouts/15/mypermissions.aspx
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                    Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289523235453069"   chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  4572  chrome.exe   (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid   Process
  4572  chrome.exe   (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   Process
  Token: SeShutdownPrivilege        4572  chrome.exe
  Token: SeCreatePagefilePrivilege  4572  chrome.exe
  (the two entries alternate across all 64 records, 32 of each)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  4572  chrome.exe   (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4572  chrome.exe   (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 4572 wrote to memory of 4840  4572  chrome.exe  83
  PID 4572 wrote to memory of 2556  4572  chrome.exe  85
  PID 4572 wrote to memory of 3852  4572  chrome.exe  86
  PID 4572 wrote to memory of 1420  4572  chrome.exe  87
  (each target is repeated across the 64 records: 4840 and 3852 twice each, 2556 and 1420 for the remainder; every write originates from the browser process 4572)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4572, browser process)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://sites.abb.com/sites/Pricelistsandquotationtemplates-confidential/_layouts/15/mypermissions.aspx
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Children of PID 4572:

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4840, --type=crashpad-handler)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffb46ef9758,0x7ffb46ef9768,0x7ffb46ef9778

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2556, --type=gpu-process)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1816,i,17372444346116322641,13359062933682052208,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3852, --type=utility, network.mojom.NetworkService, --service-sandbox-type=none)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1816,i,17372444346116322641,13359062933682052208,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1420, --type=utility, storage.mojom.StorageService, --service-sandbox-type=utility)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1816,i,17372444346116322641,13359062933682052208,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 724, --type=renderer, renderer-client-id=5)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1816,i,17372444346116322641,13359062933682052208,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4872, --type=renderer, renderer-client-id=6, first renderer)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1816,i,17372444346116322641,13359062933682052208,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 656, --type=renderer, renderer-client-id=7)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1816,i,17372444346116322641,13359062933682052208,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1008, --type=utility, chrome.mojom.ProcessorMetrics, --service-sandbox-type=none)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1816,i,17372444346116322641,13359062933682052208,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5004, --type=utility, chrome.mojom.UtilWin, --service-sandbox-type=none)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1816,i,17372444346116322641,13359062933682052208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 3792, top level; parent not given by the report)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
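Every signature in this report is attributed to the browser process (PID 4572), and every WriteProcessMemory record targets one of the crashpad, GPU, network-service and storage-service children listed in the process tree; a parent populating the child it has just spawned is Chrome's ordinary multi-process startup, not injection into a foreign process. The generic "Suspicious use of ..." hits therefore need to be read against the tree before they mean anything. The Python below is an added triage helper, not part of the tria.ge report or of any tria.ge tooling. It parses the flattened WriteProcessMemory and AdjustPrivilegeToken records in the format shown above (whether run together on one line or one per line), rebuilds direct parent/child relationships from a process list, and flags only writes whose target is not a direct child of the writer plus any privilege on a constructed high-value list. The record strings and process list are constructed from the values on this page; the parent of elevation_service.exe is not given by the report and is recorded here as 0 (unknown), and the privilege list is an assumption of the example, not something the report states.

```python
import re
from collections import defaultdict

# Constructed from the report's flattened "Suspicious use of WriteProcessMemory" records.
# Record format: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>".
# Records may be run together on one line, as on the page, or one per line.
WPM_RECORDS = (
    "PID 4572 wrote to memory of 4840 4572 chrome.exe 83 "
    "PID 4572 wrote to memory of 4840 4572 chrome.exe 83 "
    "PID 4572 wrote to memory of 2556 4572 chrome.exe 85 "
    "PID 4572 wrote to memory of 3852 4572 chrome.exe 86 "
    "PID 4572 wrote to memory of 1420 4572 chrome.exe 87"
)

# Constructed from the "Suspicious use of AdjustPrivilegeToken" records (the same two
# entries repeat for all 64 rows on the page).
TOKEN_RECORDS = (
    "Token: SeShutdownPrivilege 4572 chrome.exe "
    "Token: SeCreatePagefilePrivilege 4572 chrome.exe"
)

# Constructed process list (pid, parent pid, image) from the "Processes" tree. The nested
# chrome.exe entries are children of the browser process 4572; elevation_service.exe is a
# top-level entry whose parent the report does not give, so 0 stands for "unknown" here.
PROCESSES = [
    (4572, 0, "chrome.exe"),
    (4840, 4572, "chrome.exe"),
    (2556, 4572, "chrome.exe"),
    (3852, 4572, "chrome.exe"),
    (1420, 4572, "chrome.exe"),
    (724, 4572, "chrome.exe"),
    (4872, 4572, "chrome.exe"),
    (656, 4572, "chrome.exe"),
    (1008, 4572, "chrome.exe"),
    (5004, 4572, "chrome.exe"),
    (3792, 0, "elevation_service.exe"),
]

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")
TOKEN_RE = re.compile(r"Token: (Se\w+Privilege) (\d+) (\S+)")

# Privileges a browser process has no business enabling. This is an assumed reference
# list for the example, not a list taken from the report.
HIGH_VALUE_PRIVILEGES = {
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeImpersonatePrivilege", "SeBackupPrivilege", "SeRestorePrivilege",
    "SeTakeOwnershipPrivilege",
}


def parse_wpm(text):
    """Parse WriteProcessMemory records into (writer_pid, target_pid, writer_image) tuples."""
    return [(int(w), int(t), img) for w, t, img, _ in WPM_RE.findall(text)]


def parse_tokens(text):
    """Parse AdjustPrivilegeToken records into (privilege, pid, image) tuples."""
    return [(priv, int(pid), img) for priv, pid, img in TOKEN_RE.findall(text)]


def child_map(processes):
    """Map each pid to the set of pids it directly spawned."""
    kids = defaultdict(set)
    for pid, ppid, _ in processes:
        kids[ppid].add(pid)
    return kids


def cross_tree_writes(events, processes):
    """Return deduplicated writes whose target is not a direct child of the writer.

    A parent writing into a child it just created is how Chrome hands state to its
    crashpad/GPU/utility/renderer processes; a write into an unrelated process is the
    injection pattern an analyst actually wants surfaced, so only those are returned.
    Targets absent from the process list are reported with image "unknown"."""
    kids = child_map(processes)
    image = {pid: img for pid, _, img in processes}
    flagged = {(w, t, image.get(t, "unknown")) for w, t, _ in events if t not in kids[w]}
    return sorted(flagged)


def high_value_privileges(events):
    """Return deduplicated (privilege, pid, image) entries that are on the high-value list."""
    return sorted({e for e in events if e[0] in HIGH_VALUE_PRIVILEGES})


if __name__ == "__main__":
    # On this report's own data both lists come back empty: the writes stay inside the
    # Chrome tree and only SeShutdownPrivilege/SeCreatePagefilePrivilege are touched.
    print("cross-tree writes:", cross_tree_writes(parse_wpm(WPM_RECORDS), PROCESSES))
    print("high-value privileges:", high_value_privileges(parse_tokens(TOKEN_RECORDS)))
```

Run against the page's records both checks return nothing, which is the point: the signature names alone would rank this run with real injection, while the tree context shows a browser talking to its own children. Feeding the helper a write from 4572 into 3792 (elevation_service.exe, not a child of the browser) or a SeDebugPrivilege row is what would make it speak up.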
Network
MITRE ATT&CK Enterprise v6
Downloads

- Filesize: 120B
  MD5:    accda11f44a624516c99f56228d36115
  SHA1:   003e6bf9466cf168ac6bce7c3f0eff9d0b97c667
  SHA256: ac0dd6cc21cd220115496faffb76c47da59a78a122439134a6e199dc076629b4
  SHA512: a518c926e1f3d4f478cde1ab89eb400d2149d1c1099239296254cc86077a4b0d223c86376f7ff5d3d96f3d4725dfe328551226e79c4c480822249526db849a1e

- Filesize: 874B
  MD5:    f677f0ab42800dcde36267ac05878147
  SHA1:   9940c5924564c15f24da265cceb2870cb1e5f8c9
  SHA256: 65c88ee68d691d63d48718bac5153c8a755e4dba97e21fd96e8a2bc961e51a06
  SHA512: 00f364bb3e1afaf8e6fe57b316710bef6bf2ab5f0f70404105cf9692743fad01aab570f60a5ece22c10861c4be3ae473b321d20418ed1b8129a76f7ff6f9d1bd

- Filesize: 874B
  MD5:    e4bd5db996a095fdf864de4d1d3ab7f8
  SHA1:   424de2c2ef6af7370306cb2cf8de03aa3e9a2853
  SHA256: e4a2eb07087894f8cdc8e81bdfda6b9efa309c854191281bb395289e77cb3ef2
  SHA512: 6fcb74b331682b795d736dd4e7c1e953442e9a4daafe8ba43b81840135e3dd93219cd35029cbc6f992bbcf84791091a3418aadae47212a2872eb579bc3aa519c

- Filesize: 5KB
  MD5:    ef3b67a42202ab85d1063373834a68ac
  SHA1:   9fa7999579e73f70c4a409693f6b3fce405e5ad7
  SHA256: 59b61263e14c64bef4d37cbc9805cacf5b78c876c571c8c8f53d4dd2d421e01b
  SHA512: 498e0a3acc61f5246363d1e5e2192b65512769755cda1eed5012002349e7d5d1bec0543250cb921585e8da41356a1c171cf12b44229f4f6f129b0d6fffb84b3d

- Filesize: 6KB
  MD5:    874609b3eea75b39b58e6afc4da99c02
  SHA1:   eb336070636e0c8fdffe7a24ddc19f5c7e1d3fbc
  SHA256: 33bccdcefbd6fc67aefdbc2f5e0a1fe7aac2d18766fa3f844512e917476bd369
  SHA512: 001a4bc717e84bf7979d7140acd92904dcb2fc230209089ec338d02d82e7aa43d65b17393a7216b9d9998bd3a7f31527ffccc9ade68ed151c65fd572f47a6d73

- Filesize: 151KB
  MD5:    e305c6e97076ab8f5a46f4dfdd432d46
  SHA1:   9be47d2941964f488511791c07ef496ed7d2cd2d
  SHA256: b986d8313389ec798c7e3d820bf2f4549dba2caffd662faf9dc53da34d144cd7
  SHA512: b3d4d14b3d4297eb6e28064a93d4565b7d9d178033898b6e4aa37a4c8317cc3be1a8e6ce02d56bafaba7b3ab8ffc5abb53f630efc95f64806f0575d2cdea5d56

- Filesize: 2B
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
  (these are the digests of the two-byte string "{}", an empty JSON object, so this artifact is an empty JSON file rather than a payload)

The report does not name or attribute these files; they are artifacts written during the run and can be pivoted on by hash only.