Analysis
- max time kernel: 150s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/05/2023, 18:11
Tasks
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: https://rollins-mkt-prod1.campaign.adobe.com/rln/getImage.jssp?m=ebe0a673-b585-4d5f-8b02-173d6da0ca15&e=boss&l=brandlogo&i=https%3A%2F%2Fintertecqatar.com%2Fcss%2Fjs%2Fsiasia%2Ftbcbank.com.ge%2F%2F%2F%2F%2FdmFraHRhbmdAdGJjYmFuay5jb20uZ2U=
  - Resource: win10v2004-20230220-en
General
- Target: https://rollins-mkt-prod1.campaign.adobe.com/rln/getImage.jssp?m=ebe0a673-b585-4d5f-8b02-173d6da0ca15&e=boss&l=brandlogo&i=https%3A%2F%2Fintertecqatar.com%2Fcss%2Fjs%2Fsiasia%2Ftbcbank.com.ge%2F%2F%2F%2F%2FdmFraHRhbmdAdGJjYmFuay5jb20uZ2U=
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133297782913660634" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 628 chrome.exe (2 entries)
- PID 828 chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
- PID 628 chrome.exe (4 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
- 64 entries, alternating Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, all from PID 628 chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
- 26 entries, all from PID 628 chrome.exe
Suspicious use of SendNotifyMessage (24 IoCs)
- 24 entries, all from PID 628 chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
- PID 628 chrome.exe wrote to memory of PID 5016 (procid_target 84)
- PID 628 chrome.exe wrote to memory of PID 4360 (procid_target 85)
- PID 628 chrome.exe wrote to memory of PID 4332 (procid_target 86)
- PID 628 chrome.exe wrote to memory of PID 3840 (procid_target 87)
- 64 entries in total, in the order above, each repeated for the same parent/child pair
Processes

- chrome.exe (PID 628)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://rollins-mkt-prod1.campaign.adobe.com/rln/getImage.jssp?m=ebe0a673-b585-4d5f-8b02-173d6da0ca15&e=boss&l=brandlogo&i=https%3A%2F%2Fintertecqatar.com%2Fcss%2Fjs%2Fsiasia%2Ftbcbank.com.ge%2F%2F%2F%2F%2FdmFraHRhbmdAdGJjYmFuay5jb20uZ2U=
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - chrome.exe (PID 5016)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4bdc9758,0x7ffc4bdc9768,0x7ffc4bdc9778
  - chrome.exe (PID 4360)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1828,i,9576368999053413348,17019549114789573800,131072 /prefetch:2
  - chrome.exe (PID 4332)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1828,i,9576368999053413348,17019549114789573800,131072 /prefetch:8
  - chrome.exe (PID 3840)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1828,i,9576368999053413348,17019549114789573800,131072 /prefetch:8
  - chrome.exe (PID 2520)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1828,i,9576368999053413348,17019549114789573800,131072 /prefetch:1
  - chrome.exe (PID 1380)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1828,i,9576368999053413348,17019549114789573800,131072 /prefetch:1
  - chrome.exe (PID 944)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4652 --field-trial-handle=1828,i,9576368999053413348,17019549114789573800,131072 /prefetch:1
  - chrome.exe (PID 4780)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3568 --field-trial-handle=1828,i,9576368999053413348,17019549114789573800,131072 /prefetch:1
  - chrome.exe (PID 4556)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1828,i,9576368999053413348,17019549114789573800,131072 /prefetch:8
  - chrome.exe (PID 1776)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1828,i,9576368999053413348,17019549114789573800,131072 /prefetch:8
  - chrome.exe (PID 4268)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3292 --field-trial-handle=1828,i,9576368999053413348,17019549114789573800,131072 /prefetch:8
  - chrome.exe (PID 828)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4668 --field-trial-handle=1828,i,9576368999053413348,17019549114789573800,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- elevation_service.exe (PID 2748)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads