Analysis
max time kernel: 45s
max time network: 48s
platform: windows10-2004_x64
resource: win10v2004-20230220-es
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-es, locale:es-es, os:windows10-2004-x64, system, windows
submitted: 22/05/2023, 20:33
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://email.demio.com/c/eJw8zD1uxCAQQOHTQBfEzGAvLiiiSEjZPcWYH5tVMBGmSHL6yM2WT0_6omME5iSTg9maWdNsrNwdTnkOERamFSAHtJYzLEQhr5jXxcriUCPpCTXc8IZWRR2RAmQDoM0UURgdUy1NhVbll9vH-D4FvQv0An39Va95JR-8pbeetnKOzqO0Q6D_-3k-F3___Lh7uz_oIbsrvXIvx4WfPNTWVrWN_wAAAP__N1A60Q
Resource: win10v2004-20230220-es
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133292684563187830" (chrome.exe)

Suspicious behavior: EnumeratesProcesses (2 IoCs)
- PID 1320 chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- PID 1320 chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
- PID 1320 chrome.exe: 64 entries, alternating Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege

Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 1320 chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 1320 chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
- PID 1320 chrome.exe wrote to memory of PID 1508 (procid_target 81), PID 2028 (procid_target 82), PID 1392 (procid_target 83) and PID 3012 (procid_target 84); the entry for each target is repeated, 64 entries in total
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (level 1, PID 1320)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://email.demio.com/c/eJw8zD1uxCAQQOHTQBfEzGAvLiiiSEjZPcWYH5tVMBGmSHL6yM2WT0_6omME5iSTg9maWdNsrNwdTnkOERamFSAHtJYzLEQhr5jXxcriUCPpCTXc8IZWRR2RAmQDoM0UURgdUy1NhVbll9vH-D4FvQv0An39Va95JR-8pbeetnKOzqO0Q6D_-3k-F3___Lh7uz_oIbsrvXIvx4WfPNTWVrWN_wAAAP__N1A60Q
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
Child processes (level 2):

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1508)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97aeb9758,0x7ff97aeb9768,0x7ff97aeb9778

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2028)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1812,i,2403259527480460645,6891937910281465778,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1392)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,2403259527480460645,6891937910281465778,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3012)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1812,i,2403259527480460645,6891937910281465778,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4608)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1812,i,2403259527480460645,6891937910281465778,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3828)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1812,i,2403259527480460645,6891937910281465778,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2364)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1812,i,2403259527480460645,6891937910281465778,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3528)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 --field-trial-handle=1812,i,2403259527480460645,6891937910281465778,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1968)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1812,i,2403259527480460645,6891937910281465778,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (level 1, PID 3288)
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads