Analysis
max time kernel: 150s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/07/2023, 12:36

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://www.vcsw-digitaal.nl
Resource: win10v2004-20230703-en

General
Target: http://www.vcsw-digitaal.nl

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description       | ioc                                                                   | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description     | ioc                                                                                                       | Process
Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                     | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133343302251857277" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid  | Process
768  | chrome.exe (2 entries)
4864 | chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
768 | chrome.exe (3 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs; the 64 entries alternate between the two rows below, 32 of each)
description                      | pid | Process
Token: SeShutdownPrivilege       | 768 | chrome.exe
Token: SeCreatePagefilePrivilege | 768 | chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
768 | chrome.exe (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
768 | chrome.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description                      | pid | Process    | procid_target
PID 768 wrote to memory of 4576  | 768 | chrome.exe | 29 (2 entries)
PID 768 wrote to memory of 320   | 768 | chrome.exe | 87 (38 entries)
PID 768 wrote to memory of 1924  | 768 | chrome.exe | 89 (2 entries)
PID 768 wrote to memory of 4404  | 768 | chrome.exe | 88 (22 entries)
Processes

1. C:\Program Files\Google\Chrome\Application\chrome.exe (PID 768)
   Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.vcsw-digitaal.nl
   Signatures:
   - Enumerates system info in registry
   - Modifies data under HKEY_USERS
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SendNotifyMessage
   - Suspicious use of WriteProcessMemory

   2. C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4576)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc6879758,0x7ffcc6879768,0x7ffcc6879778

   2. C:\Program Files\Google\Chrome\Application\chrome.exe (PID 320)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1760,i,10315796595595219017,15392930462892906934,131072 /prefetch:2

   2. C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4404)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1760,i,10315796595595219017,15392930462892906934,131072 /prefetch:8

   2. C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1924)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1760,i,10315796595595219017,15392930462892906934,131072 /prefetch:8

   2. C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1620)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2808 --field-trial-handle=1760,i,10315796595595219017,15392930462892906934,131072 /prefetch:1

   2. C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3188)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2800 --field-trial-handle=1760,i,10315796595595219017,15392930462892906934,131072 /prefetch:1

   2. C:\Program Files\Google\Chrome\Application\chrome.exe (PID 432)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4664 --field-trial-handle=1760,i,10315796595595219017,15392930462892906934,131072 /prefetch:1

   2. C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1028)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3824 --field-trial-handle=1760,i,10315796595595219017,15392930462892906934,131072 /prefetch:8

   2. C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3328)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1760,i,10315796595595219017,15392930462892906934,131072 /prefetch:8

   2. C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4864)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3848 --field-trial-handle=1760,i,10315796595595219017,15392930462892906934,131072 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

1. C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2700)
   Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads