Analysis
max time kernel: 47s
max time network: 52s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/07/2023, 13:03
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://materialspace.net
Resource: win10v2004-20230703-en
General
Target: http://materialspace.net
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133337270211826565" | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
1304 | chrome.exe
1304 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
1304 | chrome.exe
1304 | chrome.exe
1304 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1304)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://materialspace.net
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1080)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0fd99758,0x7ffb0fd99768,0x7ffb0fd99778
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1736)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1872,i,11255361199871656450,8841621465274538668,131072 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4168)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1872,i,11255361199871656450,8841621465274538668,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1324)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1872,i,11255361199871656450,8841621465274538668,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2284)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1872,i,11255361199871656450,8841621465274538668,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3824)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1872,i,11255361199871656450,8841621465274538668,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4816)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4724 --field-trial-handle=1872,i,11255361199871656450,8841621465274538668,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 952)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1872,i,11255361199871656450,8841621465274538668,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4400)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5328 --field-trial-handle=1872,i,11255361199871656450,8841621465274538668,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3440)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 --field-trial-handle=1872,i,11255361199871656450,8841621465274538668,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1960)
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads