Analysis

  Max time kernel:   149s
  Max time network:  148s
  Platform:          windows10-2004_x64
  Resource:          win10v2004-20230703-en
  Resource tags:     arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  Submitted:         04/08/2023, 17:00

  Static task:       static1
  URLScan task:      urlscan1
  Behavioral task:   behavioral1

Sample

  URL:       http://https:/felafrancol-my.sharepoint.com/:o:/p/auxbogota1/EjruKRie0O1FqRVM9uuhWxoBgIqsJ9C0Wvi2mZpvHwea_w?e=hTUUGp__;!!BBM_p3AAtQ!OnREqh8A3QNKv6VNH-5Crb-_E7tELX2jz38gSs3CnKnxBTrbsXQoqEQ6_TuZ2KhsR7g0LUoyeIqAdUtaoeZMDUem0to$
  Resource:  win10v2004-20230703-en

General

  Target:    http://https:/felafrancol-my.sharepoint.com/:o:/p/auxbogota1/EjruKRie0O1FqRVM9uuhWxoBgIqsJ9C0Wvi2mZpvHwea_w?e=hTUUGp__;!!BBM_p3AAtQ!OnREqh8A3QNKv6VNH-5Crb-_E7tELX2jz38gSs3CnKnxBTrbsXQoqEQ6_TuZ2KhsR7g0LUoyeIqAdUtaoeZMDUem0to$
Malware Config
Signatures

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                   process
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133356420358546281"  chrome.exe
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   process
  5044  chrome.exe
  5044  chrome.exe
  5064  chrome.exe
  5064  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   process
  5044  chrome.exe   (all 7 entries identical)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   process
  Token: SeShutdownPrivilege        5044  chrome.exe
  Token: SeCreatePagefilePrivilege  5044  chrome.exe
  (the 64 entries alternate between these two rows)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   process
  5044  chrome.exe   (all 26 entries identical)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  5044  chrome.exe   (all 24 entries identical)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target
  PID 5044 wrote to memory of 408   5044  chrome.exe  76
  PID 5044 wrote to memory of 1192  5044  chrome.exe  87
  PID 5044 wrote to memory of 468   5044  chrome.exe  91
  PID 5044 wrote to memory of 784   5044  chrome.exe  88
  (distinct rows; the 64 entries repeat these four targets)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5044)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://https:/felafrancol-my.sharepoint.com/:o:/p/auxbogota1/EjruKRie0O1FqRVM9uuhWxoBgIqsJ9C0Wvi2mZpvHwea_w?e=hTUUGp__;!!BBM_p3AAtQ!OnREqh8A3QNKv6VNH-5Crb-_E7tELX2jz38gSs3CnKnxBTrbsXQoqEQ6_TuZ2KhsR7g0LUoyeIqAdUtaoeZMDUem0to$
  Signatures:
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 408)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94ea49758,0x7ff94ea49768,0x7ff94ea49778

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1192)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1880,i,11923400988081223973,8255288333252186577,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 784)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1880,i,11923400988081223973,8255288333252186577,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1136)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1880,i,11923400988081223973,8255288333252186577,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1500)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1880,i,11923400988081223973,8255288333252186577,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 468)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1880,i,11923400988081223973,8255288333252186577,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3148)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4004 --field-trial-handle=1880,i,11923400988081223973,8255288333252186577,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4012)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3280 --field-trial-handle=1880,i,11923400988081223973,8255288333252186577,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3760)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1880,i,11923400988081223973,8255288333252186577,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3716)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1880,i,11923400988081223973,8255288333252186577,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2112)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4652 --field-trial-handle=1880,i,11923400988081223973,8255288333252186577,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4716)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5040 --field-trial-handle=1880,i,11923400988081223973,8255288333252186577,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1788)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1752 --field-trial-handle=1880,i,11923400988081223973,8255288333252186577,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5064)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1880,i,11923400988081223973,8255288333252186577,131072 /prefetch:2
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 2056)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads