Analysis
  max time kernel:   600s
  max time network:  596s
  platform:          windows10-2004_x64
  resource:          win10v2004-20230220-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         08/06/2023, 23:25

  Static task:       static1
  URLScan task:      urlscan1
  Behavioral task:   behavioral1
    Sample:          https://adobeprintpublishing.orumbriel.com/c/suryanshtadobe-com
    Resource:        win10v2004-20230220-en
General
  Target: https://adobeprintpublishing.orumbriel.com/c/suryanshtadobe-com

Malware Config
  (empty: no configuration was extracted for this task)

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Note: SystemManufacturer and SystemProductName are the two values most commonly compared against hypervisor vendor strings by VM-aware samples; here the reader is the browser process itself, not a downloaded payload.

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                  Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133307403603795651"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  616   chrome.exe  (2 entries)
  4212  chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  616   chrome.exe  (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid  Process
  Token: SeShutdownPrivilege        616  chrome.exe  (32 entries)
  Token: SeCreatePagefilePrivilege  616  chrome.exe  (32 entries)
  All 64 entries come from the browser process (PID 616) and alternate between the same two privileges; SeDebugPrivilege, the one that usually matters for injection, is not requested anywhere in this report.

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid  Process
  616  chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  Process
  616  chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid  Process     procid_target
  PID 616 wrote to memory of 2372  616  chrome.exe  84  (2 entries)
  PID 616 wrote to memory of 2648  616  chrome.exe  85  (repeated)
  PID 616 wrote to memory of 3232  616  chrome.exe  86  (2 entries)
  PID 616 wrote to memory of 3372  616  chrome.exe  87  (repeated)
  The writes to 2648 and 3372 account for the remaining 60 entries. Every target is a chrome.exe child of PID 616 (crashpad handler, GPU process, network service, storage service in the Processes section below), which is the pattern of a browser broker setting up its own sandboxed children rather than of injection into a foreign process.

Every signature in this report fires on chrome.exe (the browser process 616, plus the fallback GPU process 4212 for EnumeratesProcesses); no binary other than Chrome's own appears in any IoC.
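The registry signature above shows the two BIOS values that sandbox-aware code checks. The following is an added example, not part of the Triage report, that parses the three IoC rows exactly as the report prints them and then shows what a VM-detection routine would conclude from constructed SystemManufacturer/SystemProductName pairs. The marker table and the sample values are this example's own assumptions; the IoC rows are transcribed from the report.

```python
import re

# Hypervisor marker strings as they commonly appear in the two BIOS values this
# signature shows being read (HKLM\HARDWARE\DESCRIPTION\System\BIOS). The table is
# this example's own and is not exhaustive.
HYPERVISOR_MARKERS = {
    "vmware": "VMware",
    "virtualbox": "VirtualBox",
    "innotek": "VirtualBox",
    "qemu": "QEMU/KVM",
    "standard pc (": "QEMU/KVM",      # e.g. "Standard PC (Q35 + ICH9, 2009)"
    "bochs": "Bochs",
    "xen": "Xen",
    "hvm domu": "Xen",
    "parallels": "Parallels",
    "virtual machine": "Hyper-V",     # SystemProductName on Hyper-V guests
}

def classify_bios(manufacturer, product):
    """What a VM-aware sample concludes from SystemManufacturer / SystemProductName."""
    haystack = (manufacturer + "\n" + product).lower()
    hits = sorted({name for marker, name in HYPERVISOR_MARKERS.items() if marker in haystack})
    return {"manufacturer": manufacturer, "product": product,
            "hypervisor_hits": hits, "looks_virtual": bool(hits)}

# The three IoC rows of this signature, transcribed from the report.
REPORT_IOCS = r"""
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
"""
ROW_RE = re.compile(r"^(Key opened|Key value queried)\s+(\\REGISTRY\\\S+)\s+(\S+)$")
BIOS_PREFIX = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\BIOS"

def fingerprint_reads(ioc_text):
    """(operation, leaf name, process) for each IoC row under the BIOS key."""
    reads = []
    for line in ioc_text.splitlines():
        m = ROW_RE.match(line.strip())
        if m and m.group(2).upper().startswith(BIOS_PREFIX):
            reads.append((m.group(1), m.group(2).rsplit("\\", 1)[-1], m.group(3)))
    return reads

# Constructed sample values: a stock VMware guest and a physical workstation.
SAMPLES = [("VMware, Inc.", "VMware Virtual Platform"),
           ("Dell Inc.", "OptiPlex 7090")]

if __name__ == "__main__":
    print(fingerprint_reads(REPORT_IOCS))
    for manu, prod in SAMPLES:
        print(classify_bios(manu, prod))
```

A sandbox whose BIOS strings have been rewritten to a real vendor (the second sample) is indistinguishable by this check alone, which is why evasive samples combine it with other tells such as the GPU identity visible in the Processes section.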
Processes
  PID 616  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://adobeprintpublishing.orumbriel.com/c/suryanshtadobe-com
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    PID 2372  (child of 616, crashpad handler)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d6a59758,0x7ff8d6a59768,0x7ff8d6a59778

    PID 2648  (child of 616, GPU process)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1788,i,4852554698986610064,5791475155813045059,131072 /prefetch:2

    PID 3232  (child of 616, network service, unsandboxed)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1788,i,4852554698986610064,5791475155813045059,131072 /prefetch:8

    PID 3372  (child of 616, storage service)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1788,i,4852554698986610064,5791475155813045059,131072 /prefetch:8

    PID 3624  (child of 616, first renderer)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1788,i,4852554698986610064,5791475155813045059,131072 /prefetch:1

    PID 4488  (child of 616, renderer)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1788,i,4852554698986610064,5791475155813045059,131072 /prefetch:1

    PID 2692  (child of 616, utility, unsandboxed)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1788,i,4852554698986610064,5791475155813045059,131072 /prefetch:8

    PID 2996  (child of 616, utility, unsandboxed)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1788,i,4852554698986610064,5791475155813045059,131072 /prefetch:8

    PID 4212  (child of 616, fallback GPU process with the GPU sandbox disabled)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1788,i,4852554698986610064,5791475155813045059,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      The vendor/device pair 5140/140 is 0x1414/0x008C, the Microsoft Basic Render Driver: the VM has no hardware GPU, another value an evasive sample could use to recognise an analysis environment.

  PID 2436  C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    (not a child of 616; ships in Chrome's versioned install directory)
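The WriteProcessMemory signature earlier and the process tree above are best read together: each write target should be a child that the writer itself spawned. The block below is an added example, not part of the Triage report, that parses the report's flattened "PID … wrote to memory of …" rows, tallies them per target and checks every target against the process list transcribed from the tree. The excerpt of rows and the process tuples are taken from this page; the row targeting PID 9999 is a hypothetical addition to show what a write into a foreign process would look like.

```python
import re
from collections import Counter

# Constructed excerpt of this report's "Suspicious use of WriteProcessMemory" rows. The
# report flattens the table into one line; the regex below works on either layout.
WPM_ROWS = (
    "PID 616 wrote to memory of 2372 616 chrome.exe 84 "
    "PID 616 wrote to memory of 2372 616 chrome.exe 84 "
    "PID 616 wrote to memory of 2648 616 chrome.exe 85 "
    "PID 616 wrote to memory of 2648 616 chrome.exe 85 "
    "PID 616 wrote to memory of 3232 616 chrome.exe 86 "
    "PID 616 wrote to memory of 3372 616 chrome.exe 87"
)

# Process list transcribed from the report's Processes section:
# (pid, parent pid, image, --type). Parent pids follow the tree indentation.
PROCESSES = [
    (616,  None, "chrome.exe", "browser"),
    (2372, 616,  "chrome.exe", "crashpad-handler"),
    (2648, 616,  "chrome.exe", "gpu-process"),
    (3232, 616,  "chrome.exe", "utility"),
    (3372, 616,  "chrome.exe", "utility"),
    (4212, 616,  "chrome.exe", "gpu-process"),
    (2436, None, "elevation_service.exe", None),
]

# Hypothetical row, not in the report: a write into a pid that is not a child of 616.
FOREIGN_ROW = "PID 616 wrote to memory of 9999 616 chrome.exe 90"

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

def parse_wpm(text):
    """Return (src_pid, dst_pid, image, procid_target) tuples from the flattened rows."""
    return [(int(src), int(dst), image, int(pt))
            for src, dst, _, image, pt in WPM_RE.findall(text)]

def cross_check(rows, processes):
    """Per target pid: how many writes, what the target is, and whether it is the
    writer's own child running the same image (the sandbox-broker pattern)."""
    by_pid = {p[0]: p for p in processes}
    counts = Counter((src, dst) for src, dst, _, _ in rows)
    summary = {}
    for (src, dst), n in counts.items():
        writer, target = by_pid.get(src), by_pid.get(dst)
        own_child = (writer is not None and target is not None
                     and target[1] == src and target[2] == writer[2])
        summary[dst] = {"writer": src, "count": n,
                        "target_type": target[3] if target else None,
                        "own_child": own_child}
    return summary

def suspicious_targets(summary):
    """Targets that are not the writer's own child: worth a manual look."""
    return sorted(pid for pid, s in summary.items() if not s["own_child"])

if __name__ == "__main__":
    s = cross_check(parse_wpm(WPM_ROWS + " " + FOREIGN_ROW), PROCESSES)
    for pid, info in sorted(s.items()):
        print(pid, info)
    print("suspicious:", suspicious_targets(s))
```

On the report's own rows the suspicious list is empty; it is only the hypothetical 9999 row that is flagged, because no such pid exists in the tree.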
Network
MITRE ATT&CK Enterprise v6
Downloads
  C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\37d667b1-300a-4bbf-9f53-7141722eb090.tmp
    Filesize  5KB
    MD5       b340a3fc28aa1b0303a5ce5957f2fc02
    SHA1      d81b465ad0fd410d7a38bb0fd475edaed455893a
    SHA256    e7286e1395ecde18f3c2ed33291bbb83117cd7e69024282031ea9cb19aeffd17
    SHA512    919892ed9f32fa6d73901e22774aa1ca464c9a1f60226228abf7747704d390d1e26f8d904df9621b957bcaa41b79bc2f935a40cca7530851be9fb4f766740a15

  (path not captured)
    Filesize  192B
    MD5       4d2a42a3cc5be0c4912043735801fdc6
    SHA1      5e6963a58e94b0e9a42badad54d28a0d38d741ea
    SHA256    12adc38bea30157222fee8155d297f1f9cf7d43c9beec86036072a5d72f51bb1
    SHA512    cc92185da272ee72ca0463f24d866c9cb06641a169d5688fe33c425fdeaa5d8a40bf9f74aaf8d6066e2375aeda07b5966aaed2014d759c7400e7b9ab6573d286

  (path not captured)
    Filesize  1KB
    MD5       96065205451d98d22a3646b783b72e29
    SHA1      7adab1628a4285625969bd8db98eb1aa1ccee11b
    SHA256    7d09d3ecbe905643a710f7624a6e5115bfa25cc4e09784b17295396a03a19bd6
    SHA512    bbb6fc14b3d2aba8d279c0974d45f5cb656d92e4ca429190f92530c232e4399be066e5dac9190378a9efb61cec7979bacd054185d563c0d0cbd47e62d350e27a

  (path not captured)
    Filesize  874B
    MD5       1ab7419b25be44a04528fb7fe8fc32e8
    SHA1      8c38dbccea39039b376149a4c4b89879aba5e4b9
    SHA256    4f1a043af7b00e8ef111eae811634b5801a9f86444158becece8a477f80af18a
    SHA512    4977aa56ca95fcba391d8cdad580d249c77fb1b6abbbb6818c2709dd2b74428500385e1a90252a35ab27667e06e34262ff54855c2135a071453f19612a994091

  (path not captured)
    Filesize  5KB
    MD5       1657ffa22b2816e588b16e8362ae034e
    SHA1      4ef5a3f6a9086493c127d2e6f8452d4806323ae3
    SHA256    7463a3a7f50f4a82fdad635bf576c234574ddaa6cf30c48ecab6363475262866
    SHA512    db37b6eb302098ca2fe56a706b5779bb9d140ae25d9a566bede75a3798e99d8c38d07d4ef3355f15ec1c993634f5dabb8fd4d15fb56fb2321b80b24929ad1bbb

  (path not captured)
    Filesize  6KB
    MD5       9fb5d5c74729fb576030bf66624982b7
    SHA1      42b5483f352a0ef9e84301ed9f97cb736deb35f1
    SHA256    6c5c23d3c22d07e564d6a4a225ad55f6870414b37a67586d4e6c0c9aa6c66e81
    SHA512    700763310921ee95c51085211297782ac5f11bc6643f7c7d57397b6d5c7531c78e581a0f05d0797021104eb23c1f9319d5eb99093a4ee354a912f4ce21e5b9a9

  (path not captured)
    Filesize  158KB
    MD5       937ea0c405df41eca7021705cb8688e9
    SHA1      7eecd7c0bcfaccedbb0c3be1a48a6de886bd5185
    SHA256    612250624f3a9de4d0e9b69218f578cfb9f9d6a4f9ca62259b83e8aebd1bad5e
    SHA512    9450b63862b0b192da1f96ee161bb58a2991c7da19a7876d586b8445d555004c35cf8b0b95c589cb2803ae837ea4948c44be5940775f20ade362b32057c4da7d

  (path not captured)
    Filesize  2B
    MD5       99914b932bd37a50b983c5e7c90ae93b
    SHA1      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
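The Downloads table gives four digests per file, which is what makes it usable for matching artifacts recovered from a host. The block below is an added example, not part of the Triage report, that hashes a local file with all four algorithms and compares it against entries transcribed from this table, reporting partial matches (some digests agree, others do not) instead of silently treating them as misses. The 2-byte entry's MD5 and SHA-256 are the well-known digests of the string "{}", so the constructed local sample is exactly that; the second entry is included only as a non-matching control.

```python
import hashlib

# Two entries transcribed from this report's Downloads section. Sizes are the
# report's rounded display values and are kept for labelling only.
REPORT_DOWNLOADS = [
    {"path": None, "size": "2B",
     "md5": "99914b932bd37a50b983c5e7c90ae93b",
     "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
     "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
     "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd"},
    {"path": None, "size": "158KB",
     "md5": "937ea0c405df41eca7021705cb8688e9",
     "sha1": "7eecd7c0bcfaccedbb0c3be1a48a6de886bd5185",
     "sha256": "612250624f3a9de4d0e9b69218f578cfb9f9d6a4f9ca62259b83e8aebd1bad5e",
     "sha512": "9450b63862b0b192da1f96ee161bb58a2991c7da19a7876d586b8445d555004c35cf8b0b95c589cb2803ae837ea4948c44be5940775f20ade362b32057c4da7d"},
]
ALGOS = ("md5", "sha1", "sha256", "sha512")

def digests(data):
    """All four digests of a byte string, keyed by algorithm name."""
    return {a: getattr(hashlib, a)(data).hexdigest() for a in ALGOS}

def match_artifact(data, entries):
    """Compare a local file's digests against every report entry. A partial match
    (some algorithms agree, others do not) means a transcription error or a
    collision and deserves attention, so it is reported rather than discarded."""
    d = digests(data)
    hits = []
    for e in entries:
        matched = sorted(a for a in ALGOS if a in e and e[a].lower() == d[a])
        if matched:
            hits.append({"entry": e["path"] or "<unnamed %s>" % e["size"],
                         "matched": matched, "full": len(matched) == len(ALGOS)})
    return hits

# Constructed local artifact: a two-byte file holding the JSON empty object,
# which is what the report's 2B entry hashes to.
LOCAL_SAMPLE = b"{}"

if __name__ == "__main__":
    print(match_artifact(LOCAL_SAMPLE, REPORT_DOWNLOADS))
```

Matching on all four digests at once costs nothing extra and turns a copy-paste slip in one column into a visible "full": False rather than a false negative.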