Analysis
max time kernel: 74s
max time network: 72s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/08/2023, 21:33
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://luvpulse.com/heyds
Resource: win10v2004-20230703-en
General
Target: https://luvpulse.com/heyds
Malware Config
Signatures

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133354856616817285" | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
208 | chrome.exe
208 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
208 | chrome.exe
208 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 208 | chrome.exe
Token: SeCreatePagefilePrivilege | 208 | chrome.exe
(the two rows above alternate throughout the report, 32 entries each, 64 in total)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
208 | chrome.exe (26 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
208 | chrome.exe (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 208 wrote to memory of 1652 | 208 | chrome.exe | 25 (2 entries)
PID 208 wrote to memory of 3572 | 208 | chrome.exe | 85 (repeated entries)
PID 208 wrote to memory of 4044 | 208 | chrome.exe | 86 (2 entries)
PID 208 wrote to memory of 4656 | 208 | chrome.exe | 87 (repeated entries)
(64 entries in total; only the distinct rows are listed)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 208)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://luvpulse.com/heyds
  Signatures:
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1652)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffacdb19758,0x7ffacdb19768,0x7ffacdb19778

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3572)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1856,i,3497478340963311371,780844646583524543,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4044)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1856,i,3497478340963311371,780844646583524543,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4656)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1856,i,3497478340963311371,780844646583524543,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4616)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1856,i,3497478340963311371,780844646583524543,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4604)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1856,i,3497478340963311371,780844646583524543,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1376)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1856,i,3497478340963311371,780844646583524543,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4276)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1856,i,3497478340963311371,780844646583524543,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2868)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 192B
MD5: eb0171ade876af71b0a1244a6d65644b
SHA1: 459126a9321906543de760e47b66a4dc094a1286
SHA256: 9b19d953c331861a1475d9c1a16715ebb50e078670dafb58b754833681e7e217
SHA512: fbbae15fa7e7f1f80e958ef8366e4351151f81734ae1ced2f2358010e87fe07d17c4ed7ada16087bdc093604d984ead3a7ac2f012a45aae52b9033e44c25366d

Filesize: 1KB
MD5: 7437bf8df0bfa749e95375e256507da4
SHA1: 96a2f66f991be91f5d409627a9d4b2a19605d33e
SHA256: 1bc7836f1a7b274bbd23024a8e0d47136b1c3cb3e98b9ea4aef0967bbdf6c537
SHA512: 27c02eb6c3e49788f47758605d0ef17686bdafb429af90755f8da6e34cfbc7c248ecb3e91751aa07a40a3d260b050fda4ed98b31192d4e61db7745513271ca7f

Filesize: 3KB
MD5: 14615b9de821f31e6137e6dfe403683b
SHA1: 3a187584415d8fff4a3ccac65f922cad159bad63
SHA256: 7d2838f3f2d45469e05cad99cbea9ff6a3dafb626cdcc2c86025a79e4c7519dd
SHA512: af0a559bd639cb0998e996d771b1c2f966dc1aef0aed768e8e5bccc593778f9bce0b4c337da6f236385d9c6f364b6e857abc1dba4389a3a3b8cc0697cc18927c

Filesize: 1KB
MD5: f3f416d4be42fcb5c9c71d9bf9f42327
SHA1: ff1dcbc285c3252ea382f964cc254ab317472541
SHA256: 8eb2f5dc91e417c23c83f6f98a8848fe6a652cd2a117c821990c578cc80bbf68
SHA512: 0f431293520925b2ea1e7b29c1483a813410154d27f325dd0ec1c29c401b209e087f8516de4dd16a4d65a5800ec64f07613cd417495b0996282fc5e597d27708

Filesize: 6KB
MD5: 58edd7b24570be0c7c54b4e74dccf9de
SHA1: fdafa234688e5218c79213409e33aa4076e0c53c
SHA256: 7ed4f416ec4eee9ae69bad00931e73f9100625bb2b76749a71dedefc01366716
SHA512: a49b0e6e1b317e7193a9ced76f823bd1c853503dc3ec0bdde215a18669c8d8e1b07e67c61fa461550005e7c97ce44f9fa935b032d63b321f7b6f44554266e794

Filesize: 6KB
MD5: a16f67d951a1dfcdb3bb24d411375ffc
SHA1: 99c7bf8a5e8b13513f63827c42907ba506f1671d
SHA256: 8c86eec83b82f356f3df79d448ceb29f79176a2d491bdc0aad4b38392761a5b1
SHA512: 06b8f33ca82d1b1b33696b9540f53d10cb549d5b264e2b18882e07d789a18bb4fa8850b84253209c9e971b2490cd5be1a138dec1d0067cae83f845f1bad0ee82

Filesize: 6KB
MD5: 37c3b1f069c23c7fb6919b560c541adb
SHA1: 59ee082c7faf6d37b8797ca758d74e48d7f3e660
SHA256: 7b24ca7ff12e62f86e94a92775c8ba431fd3d8379249062ef79b0192fc45255c
SHA512: 7fd8eeffda74eb54f3a8e2dfc21e62b40323b52932870791f8b7d076f8997e1206ecf578954f7f3ae8473e8e0143544cc6999f71b58597c6f1046ff4825862a1

Filesize: 87KB
MD5: c4cb22151db88841ec9f6a0e2afb0647
SHA1: 65e15fc9fb81fc5f1a8d81ff643bba458efbcd0b
SHA256: 1e714fe2b1996e4aaae50926851b9630031e111ccdca78391cde4825f21aa7e2
SHA512: 350c00e55bf49fffc3321667d4295693219dbcc3890f07d3ce1e98998bf2484f32990e6e2bd13d12426afbe2d98829f1512fcc705604143f4b960623e14a6168

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd