Analysis
- max time kernel: 456s
- max time network: 388s
- platform: windows10-1703_x64
- resource: win10-20230703-en
- resource tags: arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 17/07/2023, 10:18
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://innate-foremost-drizzle.glitch.me/
Resource: win10-20230703-en
General
- Target: https://innate-foremost-drizzle.glitch.me/
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)

| description | ioc | Process |
|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe |

Modifies data under HKEY_USERS (2 IoCs)

| description | ioc | Process |
|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133340655288334106" | chrome.exe |

Suspicious behavior: EnumeratesProcesses (4 IoCs)

| pid | Process |
|---|---|
| 1928 | chrome.exe |
| 1928 | chrome.exe |
| 5080 | chrome.exe |
| 5080 | chrome.exe |

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

| pid | Process |
|---|---|
| 1928 | chrome.exe |
| 1928 | chrome.exe |

Suspicious use of AdjustPrivilegeToken (64 IoCs)

The 64 entries alternate between the following two rows:

| description | pid | Process |
|---|---|---|
| Token: SeShutdownPrivilege | 1928 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 1928 | chrome.exe |

Suspicious use of FindShellTrayWindow (26 IoCs)

All 26 entries are the same row:

| pid | Process |
|---|---|
| 1928 | chrome.exe |

Suspicious use of SendNotifyMessage (24 IoCs)

All 24 entries are the same row:

| pid | Process |
|---|---|
| 1928 | chrome.exe |

Suspicious use of WriteProcessMemory (64 IoCs)

The 64 entries are repetitions of the following four rows (target PIDs 4516, 708, 2556 and 4092):

| description | pid | Process | procid_target |
|---|---|---|---|
| PID 1928 wrote to memory of 4516 | 1928 | chrome.exe | 70 |
| PID 1928 wrote to memory of 708 | 1928 | chrome.exe | 74 |
| PID 1928 wrote to memory of 2556 | 1928 | chrome.exe | 72 |
| PID 1928 wrote to memory of 4092 | 1928 | chrome.exe | 73 |
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID:1928)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://innate-foremost-drizzle.glitch.me/
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4516)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8ef809758,0x7ff8ef809768,0x7ff8ef809778

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID:2556)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 --field-trial-handle=1828,i,10585527059690660441,15696712462248118750,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4092)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1828,i,10585527059690660441,15696712462248118750,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID:708)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1828,i,10585527059690660441,15696712462248118750,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID:296)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1828,i,10585527059690660441,15696712462248118750,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID:1728)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1828,i,10585527059690660441,15696712462248118750,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4536)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1828,i,10585527059690660441,15696712462248118750,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4892)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1828,i,10585527059690660441,15696712462248118750,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID:5080)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4760 --field-trial-handle=1828,i,10585527059690660441,15696712462248118750,131072 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID:5028)
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads