Analysis
- max time kernel: 600s
- max time network: 595s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/07/2023, 19:08

URLScan task: urlscan1

Behavioral task: behavioral1
- Sample: https://www.yasamicinsaglik.com/MISC/[EMail_LocalPart]/[email protected]
- Resource: win10v2004-20230703-en

General
- Target: https://www.yasamicinsaglik.com/MISC/[EMail_LocalPart]/[email protected]
Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133332305570626162" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
632 | chrome.exe
632 | chrome.exe
4760 | chrome.exe
4760 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
632 | chrome.exe
632 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 632)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.yasamicinsaglik.com/MISC/[EMail_LocalPart]/[email protected]
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4260)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff734e9758,0x7fff734e9768,0x7fff734e9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3320)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1912,i,10737563068262219283,4043289425489661994,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2032)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1912,i,10737563068262219283,4043289425489661994,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4864)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1912,i,10737563068262219283,4043289425489661994,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4836)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3252 --field-trial-handle=1912,i,10737563068262219283,4043289425489661994,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1288)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3232 --field-trial-handle=1912,i,10737563068262219283,4043289425489661994,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4232)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1912,i,10737563068262219283,4043289425489661994,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3708)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1912,i,10737563068262219283,4043289425489661994,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4760)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2328 --field-trial-handle=1912,i,10737563068262219283,4043289425489661994,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 3824)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads