Analysis
  max time kernel: 62s
  max time network: 60s
  platform: windows10-2004_x64
  resource: win10v2004-20230220-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 23/05/2023, 04:19
  Static task: static1
  URLScan task: urlscan1
  Behavioral task: behavioral1
  Sample: https://go1.newsbukket.com/f/a/hOB7IAhj3QPI40ePoZZBGpZ~~/cVWpsim~/aHR0cHM6Ly9zYXZlcnlzdG9yZS5jb20vdm1hZGh1c3VkYW5rcmlzaG5hbWFjaGFyaXJW
  Resource: win10v2004-20230220-en
General
  Target: https://go1.newsbukket.com/f/a/hOB7IAhj3QPI40ePoZZBGpZ~~/cVWpsim~/aHR0cHM6Ly9zYXZlcnlzdG9yZS5jb20vdm1hZGh1c3VkYW5rcmlzaG5hbWFjaGFyaXJW
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133292963816255283" | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  1644 | chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  1644 | chrome.exe (7 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 1644 | chrome.exe
  Token: SeCreatePagefilePrivilege | 1644 | chrome.exe
  (the two rows alternate for 64 entries in total, all from pid 1644 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  1644 | chrome.exe (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  1644 | chrome.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1644 wrote to memory of 4104 | 1644 | chrome.exe | 83 (2 entries)
  PID 1644 wrote to memory of 4884 | 1644 | chrome.exe | 85 (repeated)
  PID 1644 wrote to memory of 4832 | 1644 | chrome.exe | 86 (2 entries)
  PID 1644 wrote to memory of 3696 | 1644 | chrome.exe | 87 (repeated)
  (64 entries in total, all from pid 1644 chrome.exe)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (level 1, PID 1644)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://go1.newsbukket.com/f/a/hOB7IAhj3QPI40ePoZZBGpZ~~/cVWpsim~/aHR0cHM6Ly9zYXZlcnlzdG9yZS5jb20vdm1hZGh1c3VkYW5rcmlzaG5hbWFjaGFyaXJW
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 4104)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc04d69758,0x7ffc04d69768,0x7ffc04d69778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 4884)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1792,i,13518033614282309551,8464602251929554424,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 4832)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1792,i,13518033614282309551,8464602251929554424,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 3696)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1792,i,13518033614282309551,8464602251929554424,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 4848)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1792,i,13518033614282309551,8464602251929554424,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 1020)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1792,i,13518033614282309551,8464602251929554424,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 792)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4600 --field-trial-handle=1792,i,13518033614282309551,8464602251929554424,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 1180)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1792,i,13518033614282309551,8464602251929554424,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 2012)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1792,i,13518033614282309551,8464602251929554424,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 1416)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5140 --field-trial-handle=1792,i,13518033614282309551,8464602251929554424,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 2924)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5020 --field-trial-handle=1792,i,13518033614282309551,8464602251929554424,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 1564)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4428 --field-trial-handle=1792,i,13518033614282309551,8464602251929554424,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (level 2, PID 376)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5608 --field-trial-handle=1792,i,13518033614282309551,8464602251929554424,131072 /prefetch:1
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (level 1, PID 1700)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads