Analysis
max time kernel: 150s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/08/2023, 05:48
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://officesecure.org
Resource: win10v2004-20230703-en
General
Target: https://officesecure.org
Malware Config
Signatures
Modifies data under HKEY_USERS (2 IoCs)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355153215077876" (process: chrome.exe)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (process: chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 3248 chrome.exe (2 entries)
- PID 4488 chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
- PID 3248 chrome.exe (all 6 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs; the report alternates between the two rows below)
- Token: SeShutdownPrivilege, PID 3248 chrome.exe
- Token: SeCreatePagefilePrivilege, PID 3248 chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 3248 chrome.exe (all 26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
- PID 3248 chrome.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs; distinct rows below, each repeated in the report)
- PID 3248 chrome.exe wrote to memory of PID 4960 (procid_target 53)
- PID 3248 chrome.exe wrote to memory of PID 2940 (procid_target 87)
- PID 3248 chrome.exe wrote to memory of PID 2472 (procid_target 86)
- PID 3248 chrome.exe wrote to memory of PID 2920 (procid_target 88)
Processes
- PID 3248: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://officesecure.org
  Signatures: Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 4960 (child of 3248): C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6d839758,0x7ffe6d839768,0x7ffe6d839778
  - PID 2472 (child of 3248): C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1884,i,237789043466433088,13039791974471143605,131072 /prefetch:8
  - PID 2940 (child of 3248): C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1884,i,237789043466433088,13039791974471143605,131072 /prefetch:2
  - PID 2920 (child of 3248): C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1884,i,237789043466433088,13039791974471143605,131072 /prefetch:8
  - PID 2000 (child of 3248): C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3268 --field-trial-handle=1884,i,237789043466433088,13039791974471143605,131072 /prefetch:1
  - PID 3780 (child of 3248): C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1884,i,237789043466433088,13039791974471143605,131072 /prefetch:1
  - PID 4600 (child of 3248): C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4404 --field-trial-handle=1884,i,237789043466433088,13039791974471143605,131072 /prefetch:1
  - PID 4404 (child of 3248): C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5032 --field-trial-handle=1884,i,237789043466433088,13039791974471143605,131072 /prefetch:1
  - PID 4220 (child of 3248): C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4776 --field-trial-handle=1884,i,237789043466433088,13039791974471143605,131072 /prefetch:1
  - PID 2380 (child of 3248): C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1884,i,237789043466433088,13039791974471143605,131072 /prefetch:8
  - PID 1616 (child of 3248): C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1884,i,237789043466433088,13039791974471143605,131072 /prefetch:8
  - PID 3368 (child of 3248): C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5708 --field-trial-handle=1884,i,237789043466433088,13039791974471143605,131072 /prefetch:1
  - PID 4488 (child of 3248): C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1884,i,237789043466433088,13039791974471143605,131072 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 5012: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads