Analysis
max time kernel: 150s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/07/2023, 03:36
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://www.edinavigator.com/cgi-bin/tst.bat
Resource: win10v2004-20230703-en

General
Target: http://www.edinavigator.com/cgi-bin/tst.bat
Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                        Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133336066115728289"  chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
4988  chrome.exe
4988  chrome.exe
2732  chrome.exe
2732  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process
4988  chrome.exe
4988  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs; the table alternates between the two rows below, 32 occurrences each)
description                       pid   Process
Token: SeShutdownPrivilege        4988  chrome.exe
Token: SeCreatePagefilePrivilege  4988  chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs; all 26 rows identical)
pid   Process
4988  chrome.exe
Suspicious use of SendNotifyMessage (24 IoCs; all 24 rows identical)
pid   Process
4988  chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs; repeated rows for the same target collapsed)
description                       pid   Process     procid_target
PID 4988 wrote to memory of 3640  4988  chrome.exe  72
PID 4988 wrote to memory of 1708  4988  chrome.exe  88
PID 4988 wrote to memory of 2276  4988  chrome.exe  89
PID 4988 wrote to memory of 2404  4988  chrome.exe  90
Processes
(Depth 1 entries are roots of the tree; a depth 2 entry is a child of the depth 1 process above it.)

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4988, depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.edinavigator.com/cgi-bin/tst.bat
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3640, depth 2, crashpad-handler)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff936949758,0x7ff936949768,0x7ff936949778

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1708, depth 2, gpu-process)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1912,i,11150554234133087028,13914687329808715933,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2276, depth 2, utility: network.mojom.NetworkService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1912,i,11150554234133087028,13914687329808715933,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2404, depth 2, utility: storage.mojom.StorageService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1912,i,11150554234133087028,13914687329808715933,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2192, depth 2, renderer)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1912,i,11150554234133087028,13914687329808715933,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1188, depth 2, renderer)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1912,i,11150554234133087028,13914687329808715933,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4880, depth 2, utility: chrome.mojom.ProcessorMetrics)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1912,i,11150554234133087028,13914687329808715933,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3344, depth 2, utility: chrome.mojom.UtilWin)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1912,i,11150554234133087028,13914687329808715933,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2732, depth 2, gpu-process)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3700 --field-trial-handle=1912,i,11150554234133087028,13914687329808715933,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 4336, depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
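Every signature in this report fires on chrome.exe itself, and the WriteProcessMemory rows can be checked against the process tree mechanically. The Python below is an added example written for this page; it is not part of the tria.ge report or of Triage's tooling, and its data is transcribed from the Processes and WriteProcessMemory sections above. It recovers each process's parent from the nesting depth the report renders (assumption: a depth 2 entry is a child of the depth 1 entry above it) and classifies each writer/target pair. Here all four targets (3640, 1708, 2276 and 2404) are chrome.exe children of the writer 4988, and their command lines name Chrome's own crashpad-handler, gpu-process, NetworkService and StorageService roles: a browser process initialising service processes it just spawned. Parent-to-child is not proof of benignity on its own (process hollowing is also a parent writing into a fresh child), which is why the output keeps the target's role next to the verdict; a write whose target lies outside the writer's own children is the pattern to escalate. The negative case in the main block, 4988 writing into elevation_service.exe (a separate root in the tree), is constructed and does not appear in the report.

```python
"""Classify the WriteProcessMemory IoCs of a tria.ge report by process-tree parentage.

Added example for this page; the data below is transcribed from the report above,
not pulled from the Triage API.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    depth: int  # nesting depth as rendered in the report (1 = a root of the tree)
    image: str
    role: str   # taken from --type / --utility-sub-type on the command line


# Process tree from the Processes section, in report order.
REPORT_PROCESSES = [
    Proc(4988, 1, "chrome.exe", "browser"),
    Proc(3640, 2, "chrome.exe", "crashpad-handler"),
    Proc(1708, 2, "chrome.exe", "gpu-process"),
    Proc(2276, 2, "chrome.exe", "utility:network.mojom.NetworkService"),
    Proc(2404, 2, "chrome.exe", "utility:storage.mojom.StorageService"),
    Proc(2192, 2, "chrome.exe", "renderer"),
    Proc(1188, 2, "chrome.exe", "renderer"),
    Proc(4880, 2, "chrome.exe", "utility:chrome.mojom.ProcessorMetrics"),
    Proc(3344, 2, "chrome.exe", "utility:chrome.mojom.UtilWin"),
    Proc(2732, 2, "chrome.exe", "gpu-process"),
    Proc(4336, 1, "elevation_service.exe", "elevation-service"),
]

# Distinct (writer pid, target pid, procid_target) tuples from the WriteProcessMemory table.
REPORT_WPM_ROWS = [(4988, 3640, 72), (4988, 1708, 88), (4988, 2276, 89), (4988, 2404, 90)]


def build_parent_map(procs):
    """Recover each pid's parent from the rendered nesting.

    Assumption: an entry at depth d is a child of the nearest preceding entry at
    depth d-1 (this is how Triage draws the tree); roots get parent None.
    """
    parents = {}
    open_nodes = []  # open_nodes[d-1] is the pid of the current node at depth d
    for p in procs:
        del open_nodes[p.depth - 1:]
        parents[p.pid] = open_nodes[-1] if open_nodes else None
        open_nodes.append(p.pid)
    return parents


def classify_write(writer, target, parents, by_pid):
    """'parent-to-child' if the target is a direct child of the writer,
    'cross-process' if the target exists elsewhere in the tree,
    'unknown-target' if the report never lists the target pid."""
    if target not in by_pid:
        return "unknown-target"
    if parents.get(target) == writer:
        return "parent-to-child"
    return "cross-process"


def triage_writes(procs, rows):
    """Return (writer, target, target role, verdict) for every WriteProcessMemory row."""
    parents = build_parent_map(procs)
    by_pid = {p.pid: p for p in procs}
    out = []
    for writer, target, _procid in rows:
        role = by_pid[target].role if target in by_pid else "?"
        out.append((writer, target, role, classify_write(writer, target, parents, by_pid)))
    return out


def needs_escalation(results):
    """True when any write lands outside the writer's own children."""
    return any(verdict != "parent-to-child" for *_, verdict in results)


if __name__ == "__main__":
    for row in triage_writes(REPORT_PROCESSES, REPORT_WPM_ROWS):
        print("%d -> %d (%s): %s" % row)
    # Constructed negative case, not in the report: the browser process writing
    # into elevation_service.exe, which is a separate root of the tree.
    print(triage_writes(REPORT_PROCESSES, [(4988, 4336, 0)]))
```

The parent map is the only inference in the example; a live Triage task would give ppid directly, and the same classifier applies unchanged.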
Network
MITRE ATT&CK Enterprise v6
Downloads

Filesize  6KB
  MD5     d8b2d7361913441be2d277ce4129cb64
  SHA1    1c3443553c9d927e4ab229acdb4417c0a1439d26
  SHA256  d53a637c3066ff585fe7e57aa47c5b681ea65362b980d284b4663c377972bc95
  SHA512  e03961285887f71179feb54b8fd380e7cd6818b9bacca37003231858c64ab02d03e3bb75e143980479afe918323f4ce1eb8774a3e86b04d02b5aca82f384e667

Filesize  5KB
  MD5     034694848631957ee5a7e1ac54db3ae1
  SHA1    c0c3b97ad7329222a881130d32659b1cfcb357b4
  SHA256  60e84abc49d80bb3b33e6a1b1b9e374b06a034df3f9ce9663b045af8a84c9668
  SHA512  060c6f2810adad91f962a93b53c133786b3574e6c6c9b995da28a6584c2f0c002fc830b5ca183308eda7275f8f634a71422c836da04259b43600d5f45cd084ff

Filesize  5KB
  MD5     6a0b7b735acf1295082ce70aef69a27d
  SHA1    5470bcaa24f03e88c71838db017b252883a08e78
  SHA256  c1af067db8a0e37d31158a1813ca5300f0370a8716cd3813010a8aa024cc44bf
  SHA512  7a6ead14555d7409204ebaa1fb1a712dd83ad106853955a448f5a12e40676f70787726de406c8ca11d7bb2da69cf203342d5db67af7a62524d26c4a3c6b5de66

Filesize  5KB
  MD5     8a44db635b6c90db285601a230350f19
  SHA1    c26d1edf26fc1878b0cc7ccfc5a579a5f8621128
  SHA256  c0283930b9ebeefe2b5f4c3b4bd7af5662a188348d0f50f274a7dd863ff2edf0
  SHA512  6d0e147165e0e2514923bda03ae86d9c7bcde7afb778b60560f02454a276c56377bbd5eae016899cedd3cdab50e7ecc7b7dd7335776ed0ac45ee339311ede780

Filesize  173KB
  MD5     f3dec0d1f2a4c2afb9d9b47058eb9f21
  SHA1    f9924600b987c7783f9c287677d44999c0e02ce4
  SHA256  2cc27952a8640bbaebfae31397434776a7c84ac08af3e8398c9e9b6852e7bb37
  SHA512  d35c3c7974a8e4263487046d3477135f3dadf5435c6ad09314f166dea3c113f4efb8d59ed0232ddceab37e24a288df8e4b731a15c30a220df7bb0e6eb9180d0f

Filesize  2B
  MD5     99914b932bd37a50b983c5e7c90ae93b
  SHA1    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
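The Downloads table gives four digests per file but neither a filename nor the content, so the only offline check available is to test each entry against content that can be reproduced exactly. The Python below is an added example for this page, not part of the tria.ge report or of Triage's tooling; the download entries are transcribed from the table above and the list of candidate contents (empty file, `{}`, `[]`, a single newline) is constructed. It first validates that each digest has the length and alphabet its algorithm requires, then accepts a candidate only when every digest present agrees, so a single mismatched algorithm rejects it rather than matching on MD5 alone. Run over the table it attributes the 2-byte entry to the string `{}`, an empty JSON object with no payload in it, and leaves the other five unidentified.

```python
"""Attribute the Downloads digests of a tria.ge report to trivially reproducible content.

Added example for this page; REPORT_DOWNLOADS is transcribed from the Downloads
section above and KNOWN_CONTENT is a constructed list of candidate contents.
"""
import hashlib

# Expected hex-digest length for each algorithm the report uses.
ALGOS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Contents a browser session routinely leaves behind and that carry no payload.
KNOWN_CONTENT = {
    "empty file": b"",
    "empty JSON object {}": b"{}",
    "empty JSON array []": b"[]",
    "single newline": b"\n",
}

# (size label, {algorithm: hex digest}) per Downloads entry, in report order.
REPORT_DOWNLOADS = [
    ("6KB", {"md5": "d8b2d7361913441be2d277ce4129cb64",
             "sha1": "1c3443553c9d927e4ab229acdb4417c0a1439d26",
             "sha256": "d53a637c3066ff585fe7e57aa47c5b681ea65362b980d284b4663c377972bc95",
             "sha512": "e03961285887f71179feb54b8fd380e7cd6818b9bacca37003231858c64ab02d03e3bb75e143980479afe918323f4ce1eb8774a3e86b04d02b5aca82f384e667"}),
    ("5KB", {"md5": "034694848631957ee5a7e1ac54db3ae1",
             "sha1": "c0c3b97ad7329222a881130d32659b1cfcb357b4",
             "sha256": "60e84abc49d80bb3b33e6a1b1b9e374b06a034df3f9ce9663b045af8a84c9668",
             "sha512": "060c6f2810adad91f962a93b53c133786b3574e6c6c9b995da28a6584c2f0c002fc830b5ca183308eda7275f8f634a71422c836da04259b43600d5f45cd084ff"}),
    ("5KB", {"md5": "6a0b7b735acf1295082ce70aef69a27d",
             "sha1": "5470bcaa24f03e88c71838db017b252883a08e78",
             "sha256": "c1af067db8a0e37d31158a1813ca5300f0370a8716cd3813010a8aa024cc44bf",
             "sha512": "7a6ead14555d7409204ebaa1fb1a712dd83ad106853955a448f5a12e40676f70787726de406c8ca11d7bb2da69cf203342d5db67af7a62524d26c4a3c6b5de66"}),
    ("5KB", {"md5": "8a44db635b6c90db285601a230350f19",
             "sha1": "c26d1edf26fc1878b0cc7ccfc5a579a5f8621128",
             "sha256": "c0283930b9ebeefe2b5f4c3b4bd7af5662a188348d0f50f274a7dd863ff2edf0",
             "sha512": "6d0e147165e0e2514923bda03ae86d9c7bcde7afb778b60560f02454a276c56377bbd5eae016899cedd3cdab50e7ecc7b7dd7335776ed0ac45ee339311ede780"}),
    ("173KB", {"md5": "f3dec0d1f2a4c2afb9d9b47058eb9f21",
               "sha1": "f9924600b987c7783f9c287677d44999c0e02ce4",
               "sha256": "2cc27952a8640bbaebfae31397434776a7c84ac08af3e8398c9e9b6852e7bb37",
               "sha512": "d35c3c7974a8e4263487046d3477135f3dadf5435c6ad09314f166dea3c113f4efb8d59ed0232ddceab37e24a288df8e4b731a15c30a220df7bb0e6eb9180d0f"}),
    ("2B", {"md5": "99914b932bd37a50b983c5e7c90ae93b",
            "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
            "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
            "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd"}),
]


def digests(data: bytes) -> dict:
    """All four digests of data as lowercase hex, keyed like the report."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def validate_entry(entry: dict) -> list:
    """Problems with an entry: unknown algorithm names or malformed digests."""
    problems = []
    for algo, hexd in entry.items():
        if algo not in ALGOS:
            problems.append(f"{algo}: unknown algorithm")
        elif len(hexd) != ALGOS[algo] or set(hexd.lower()) - set("0123456789abcdef"):
            problems.append(f"{algo}: malformed digest")
    return problems


def identify_known_content(entry: dict):
    """Label of the known content whose digests all match the entry, else None.

    Every algorithm present in the entry must agree, so a stale or mistyped
    digest rejects the candidate instead of letting MD5 alone decide.
    """
    if validate_entry(entry):
        return None
    for label, data in KNOWN_CONTENT.items():
        expected = digests(data)
        if all(entry[algo].lower() == expected[algo] for algo in entry):
            return label
    return None


def triage_downloads(downloads):
    """(size, attribution or None, validation problems) for each entry."""
    return [(size, identify_known_content(e), validate_entry(e)) for size, e in downloads]


if __name__ == "__main__":
    for size, label, problems in triage_downloads(REPORT_DOWNLOADS):
        print(size, label or "unidentified", problems or "")
```

Extending KNOWN_CONTENT with other reproducible blobs (a known favicon, a stock 404 page) is the natural next step; anything that stays unidentified is what deserves a closer look.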