Analysis

max time kernel: 150s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/05/2023, 22:21
Tasks

The submission was split into one static task and six behavioral tasks (each extracted object run once on Windows 7 and once on Windows 10). The results on this page are those of behavioral6: email-html-1.html on win10v2004-20230220-en, which matches the platform, resource and target recorded above and below.

Static task
  static1

Behavioral tasks
  behavioral1  sample: phish_alert_sp2_2.0.0.0.eml  resource: win7-20230220-en
  behavioral2  sample: phish_alert_sp2_2.0.0.0.eml  resource: win10v2004-20230221-en
  behavioral3  sample: dfk1.png                      resource: win7-20230220-en
  behavioral4  sample: dfk1.png                      resource: win10v2004-20230220-en
  behavioral5  sample: email-html-1.html             resource: win7-20230220-en
  behavioral6  sample: email-html-1.html             resource: win10v2004-20230220-en
General

Target: email-html-1.html
Size: 135KB
MD5: a9d4d99c72963226170899afe679e1de
SHA1: fad019edfdea89a34fb025f03b178df9c08c1bca
SHA256: 95f7dcc01744b53be2af428b36321836e3b5c63931ff92779bf2269df34f9aae
SHA512: f3b35ac3344fd7c9a242c58f8e47bb1926a392b107b1d5723586bdb9270495c2041593f0217c505bb05dfc286ac8f812b2d1186ebe21d210cbf43c5db3a38486
SSDEEP: 768:BrA+XXjpeAa8hRJZHRZ8SvsGdDs/BhjD5jrxesGdDs/BhjD5jqkhvZGdDs/BhjDF:VA+XtLSUudRRZsk0XzXspxd
Malware Config
Signatures

Every signature below fired on chrome.exe (PID 848, the browser process the sandbox used to open the HTML sample) or on one of its own child processes; nothing on this page shows code from the sample itself running outside the browser.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                    process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                   chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133293613008769638"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   process
  848   chrome.exe  (2 entries)
  2676  chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   process
  848   chrome.exe  (2 entries)
  This is the process-creation mitigation (block non-Microsoft-signed binaries) that the browser process requests for the children it spawns.

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  All 64 entries are for pid 848 chrome.exe and alternate between Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege; only those two privileges are touched.

Suspicious use of FindShellTrayWindow (26 IoCs)
  All 26 entries: pid 848 chrome.exe

Suspicious use of SendNotifyMessage (24 IoCs)
  All 24 entries: pid 848 chrome.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid  process     procid_target
  PID 848 wrote to memory of 3188  848  chrome.exe  84  (2 entries)
  PID 848 wrote to memory of 4176  848  chrome.exe  85  (repeated; the bulk of the 64 entries together with 3876)
  PID 848 wrote to memory of 2648  848  chrome.exe  86  (2 entries)
  PID 848 wrote to memory of 3876  848  chrome.exe  87  (repeated)
  The four write targets are the crashpad handler (3188), the GPU process (4176), the network service (2648) and the storage service (3876) listed under Processes, i.e. the browser initialising its own children, not a write into a foreign process.
Processes

The sandbox opened the sample directly in Google Chrome 106.0.5249.119 (version taken from the crashpad annotation and the elevation_service.exe path). The tree below is Chrome's normal multi-process start-up; the depth markers from the original listing are shown as indentation. For each process the image path is given first, then the full command line as recorded.

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 848)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  Child processes of PID 848, all with image C:\Program Files\Google\Chrome\Application\chrome.exe:

  PID 3188  crashpad-handler
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b6339758,0x7ff9b6339768,0x7ff9b6339778

  PID 4176  gpu-process
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1816,i,6504439904545423993,259239858267124979,131072 /prefetch:2

  PID 2648  utility: network.mojom.NetworkService (service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1816,i,6504439904545423993,259239858267124979,131072 /prefetch:8

  PID 3876  utility: storage.mojom.StorageService (service-sandbox-type=utility)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1816,i,6504439904545423993,259239858267124979,131072 /prefetch:8

  PID 216   renderer (first renderer process, renderer-client-id=6)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1816,i,6504439904545423993,259239858267124979,131072 /prefetch:1

  PID 220   renderer (renderer-client-id=5)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1816,i,6504439904545423993,259239858267124979,131072 /prefetch:1

  PID 4728  utility: data_decoder.mojom.DataDecoderService (service-sandbox-type=service)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1816,i,6504439904545423993,259239858267124979,131072 /prefetch:8

  PID 4020  utility: chrome.mojom.ProcessorMetrics (service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1816,i,6504439904545423993,259239858267124979,131072 /prefetch:8

  PID 748   utility: chrome.mojom.UtilWin (service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1816,i,6504439904545423993,259239858267124979,131072 /prefetch:8

  PID 2676  gpu-process (second instance, started with --disable-gpu-sandbox --use-gl=disabled after the first GPU process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 --field-trial-handle=1816,i,6504439904545423993,259239858267124979,131072 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 3788)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
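The WriteProcessMemory and AdjustPrivilegeToken signatures above list 64 rows each, which hides how few distinct facts they contain. The script below is an added example (not part of the tria.ge report or its tooling): it folds the flattened IoC text into distinct (source, target) pairs and distinct privileges, then checks each write target against the process list from the Processes section. A target that is missing from the list, or that has a different image name than the writer, is what a real injection would look like; a same-image child of the browser process is ordinary start-up. The IoC strings are excerpts constructed from this page (the full lists are longer), the process table is transcribed from the Processes section, and the extra SUSPECT_IOCS row is invented to exercise the failure path.

```python
import re
from collections import Counter

# Constructed excerpts of the IoC text from this report (the real lists have 64 rows each).
WPM_IOCS = (
    "PID 848 wrote to memory of 3188 848 chrome.exe 84 "
    "PID 848 wrote to memory of 3188 848 chrome.exe 84 "
    "PID 848 wrote to memory of 4176 848 chrome.exe 85 "
    "PID 848 wrote to memory of 4176 848 chrome.exe 85 "
    "PID 848 wrote to memory of 4176 848 chrome.exe 85 "
    "PID 848 wrote to memory of 2648 848 chrome.exe 86 "
    "PID 848 wrote to memory of 2648 848 chrome.exe 86 "
    "PID 848 wrote to memory of 3876 848 chrome.exe 87 "
    "PID 848 wrote to memory of 3876 848 chrome.exe 87 "
)
TOKEN_IOCS = (
    "Token: SeShutdownPrivilege 848 chrome.exe Token: SeCreatePagefilePrivilege 848 chrome.exe "
    "Token: SeShutdownPrivilege 848 chrome.exe Token: SeCreatePagefilePrivilege 848 chrome.exe "
)
# Invented row (not on the page) with a target pid that exists nowhere in the process tree.
SUSPECT_IOCS = "PID 848 wrote to memory of 9999 848 chrome.exe 90 "

# Process list transcribed from the Processes section: pid -> (image, role from --type/--utility-sub-type)
PROCESSES = {
    848: ("chrome.exe", "browser"),
    3188: ("chrome.exe", "crashpad-handler"),
    4176: ("chrome.exe", "gpu-process"),
    2648: ("chrome.exe", "utility:network.mojom.NetworkService"),
    3876: ("chrome.exe", "utility:storage.mojom.StorageService"),
    216: ("chrome.exe", "renderer"),
    220: ("chrome.exe", "renderer"),
    4728: ("chrome.exe", "utility:data_decoder.mojom.DataDecoderService"),
    4020: ("chrome.exe", "utility:chrome.mojom.ProcessorMetrics"),
    748: ("chrome.exe", "utility:chrome.mojom.UtilWin"),
    2676: ("chrome.exe", "gpu-process"),
    3788: ("elevation_service.exe", "-"),
}

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")
TOKEN_RE = re.compile(r"Token: (\S+) (\d+) (\S+)")


def collapse_wpm(text):
    """Fold repeated WriteProcessMemory rows into (source pid, target pid, writer image) -> count."""
    counts = Counter()
    for src, dst, image in WPM_RE.findall(text):
        counts[(int(src), int(dst), image)] += 1
    return counts


def classify_targets(counts, processes):
    """Verdict per (source, target): unknown pid or cross-image write -> investigate,
    same-image child -> benign bootstrap of the writer's own process tree."""
    verdicts = {}
    for (src, dst, image), n in counts.items():
        target = processes.get(dst)
        if target is None:
            verdicts[(src, dst)] = f"{n}x: target {dst} not in process list, investigate"
        elif target[0] != image:
            verdicts[(src, dst)] = f"{n}x: cross-image write into {target[0]}, investigate"
        else:
            verdicts[(src, dst)] = f"{n}x: same-image child ({target[1]}), benign"
    return verdicts


def distinct_privileges(text):
    """Reduce AdjustPrivilegeToken rows to the set of (privilege, pid, image) actually enabled."""
    return {(priv, int(pid), image) for priv, pid, image in TOKEN_RE.findall(text)}


if __name__ == "__main__":
    for key, verdict in sorted(classify_targets(collapse_wpm(WPM_IOCS + SUSPECT_IOCS), PROCESSES).items()):
        print(f"{key[0]} -> {key[1]:>5}  {verdict}")
    print(sorted(distinct_privileges(TOKEN_IOCS)))
```

On this report every (848, target) pair resolves to a chrome.exe child and the token list reduces to two privileges on one pid, which is the shape of a browser starting up rather than of a payload; the invented 9999 row shows the output a practitioner would actually need to chase.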
Network
MITRE ATT&CK Enterprise v6
Downloads

Only one of the six items is listed with a path; the others are shown exactly as the report gives them, by size and digest.

Filesize: 882B
MD5: bb3a1d2360aea53c8ae09c49beecbeee
SHA1: 58182df074632ed5f5aa22a262badf024743e5ff
SHA256: 3a02c0ec5b695b1d48edd555861bd115ef702579d6053716defef92c18d2f5d0
SHA512: 5b7204a6a1938623db0f3887e12a29189e14e454d8e0a1d54dad12940ca6da5cb40a335969ff235cdaa3eb3ceea5b91441ad7538b1b77cd4b261682ab692a561

Filesize: 6KB
MD5: 6b492276dbca4b350d065eaae2b613c0
SHA1: 8204e76d6b11ffce80c517e690ee9e4df5aa60cc
SHA256: 3207d2604d3d562367a710b7f5f5ccc65b827a1a2cf8aa6c2be440a4bb2e27c4
SHA512: a7874214aebbdb225d95e1c2a5dd0c14f450d722bebe891eeb7b1ddb3eaf568d033214762ddeac8264ee5fe44eef639cdf1b7c24a1d5c3abe0dcd4bc13023072

Filesize: 15KB
MD5: 2f11760b40b5523af62b4c407c66b0a5
SHA1: c8be779baf31751f5971ebd3663a8787b608200b
SHA256: 1906a6988a2355773bf0c85f6bde1ce55f40197ada5bc44b71d0e1accb20485f
SHA512: a450bb3fde0fcc2a8f5cbdcafbdc168a3f35f1fb275c99b78b93204920ad33dba08988b1737cc1bbfa202c40fccc987e9051e6cb0308c519b09152466365e510

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c6eb14be-f177-4721-bbb8-cfcdb68ea9b5.tmp
Filesize: 6KB
MD5: 962976eb98df2fcf0919d9e466a34516
SHA1: acbda8610b3a9c1f6d91edeafa68eb43f118ce72
SHA256: 150c1ee81c3d93dab9ab11a501ae20df81c5848006d1e5357c36d13eff5860d0
SHA512: d2a68266ec6f07e50b6bf0aadc770eecfb9cf3c223694118f76fad1c0e71fa502bc53886b90555e43d7c40a9596eb7e0529992670fd0baa647c4c0a2b9342129

Filesize: 152KB
MD5: c9edc3c9a4c8f754e25741b1fd044376
SHA1: 6ac34e0a045ad5cabc712ead394e7615497ddb6d
SHA256: cd97c8c9d4f24928925b06c845dbdca875d11d8140d02e0776e3c2bf17005fa0
SHA512: 0b12be8be43485bdacf68100028bec9cb4d3da62341373500b14c491d102242f7fc478e9d6d2696df0217d7eb1c6fcd66323814149051419eea025502eefaadb

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
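A download entry that is only two bytes long can be pinned down from its digests alone, without the file. The script below is an added example (not part of the tria.ge report): it recomputes the four digests the report shows for a candidate byte string and reports which of them match. The candidate b"{}" (an empty JSON object) is an assumption made here, not something the page states; the point of the check is that a file is only identified when every reported digest reproduces, and a partial match is a signal that either the guess or the transcribed hash is wrong.

```python
import hashlib

# Digests copied from the 2-byte item under Downloads on this page.
REPORTED_2B = {
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
}

# Assumption, not stated on the page: a 2-byte file in a browser profile is usually an empty JSON object.
CANDIDATE_2B = b"{}"


def digests(data):
    """Compute the same digest set the report shows, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256", "sha512")}


def matching_algorithms(data, reported):
    """Return the names of the reported digests that the candidate bytes reproduce."""
    got = digests(data)
    return {algo for algo, value in reported.items() if got.get(algo) == value.lower()}


def identify(data, reported):
    """'identified' only when every reported digest matches; a partial match is flagged rather
    than accepted, since a transcription error or a wrong guess looks exactly like that."""
    matched = matching_algorithms(data, reported)
    if matched == set(reported):
        return "identified"
    if matched:
        return "partial match on " + ", ".join(sorted(matched)) + ", do not trust"
    return "no match"


if __name__ == "__main__":
    print(CANDIDATE_2B, identify(CANDIDATE_2B, REPORTED_2B))
    print(b"[]", identify(b"[]", REPORTED_2B))
```

The same routine applies to any of the other entries once the file itself is available from the task's downloads; for the 135KB target the General section already gives the reference digests to compare against.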