Analysis

max time kernel: 158s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/08/2023, 11:52
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://miniprime.ru
Resource: win10v2004-20230703-en
General

Target: http://miniprime.ru

Malware Config
Signatures
Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                           process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133359691532930890"   chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   process
  2344  chrome.exe
  2344  chrome.exe
  4896  chrome.exe
  4896  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid   process
  2344  chrome.exe
  2344  chrome.exe
  2344  chrome.exe
  2344  chrome.exe
  2344  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

chrome.exe (PID 2344)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://miniprime.ru
  Signatures:
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  chrome.exe (PID 1216)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b7649758,0x7ff9b7649768,0x7ff9b7649778

  chrome.exe (PID 3324)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1892,i,17675608677618932416,11555870013865181942,131072 /prefetch:2

  chrome.exe (PID 1768)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1892,i,17675608677618932416,11555870013865181942,131072 /prefetch:8

  chrome.exe (PID 2732)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1892,i,17675608677618932416,11555870013865181942,131072 /prefetch:8

  chrome.exe (PID 2152)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1892,i,17675608677618932416,11555870013865181942,131072 /prefetch:1

  chrome.exe (PID 3228)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1892,i,17675608677618932416,11555870013865181942,131072 /prefetch:1

  chrome.exe (PID 1552)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1892,i,17675608677618932416,11555870013865181942,131072 /prefetch:8

  chrome.exe (PID 2604)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1892,i,17675608677618932416,11555870013865181942,131072 /prefetch:8

  chrome.exe (PID 3960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4960 --field-trial-handle=1892,i,17675608677618932416,11555870013865181942,131072 /prefetch:1

  chrome.exe (PID 632)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1892,i,17675608677618932416,11555870013865181942,131072 /prefetch:8

  chrome.exe (PID 2284)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5192 --field-trial-handle=1892,i,17675608677618932416,11555870013865181942,131072 /prefetch:1

  chrome.exe (PID 836)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3444 --field-trial-handle=1892,i,17675608677618932416,11555870013865181942,131072 /prefetch:1

  chrome.exe (PID 4896)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=964 --field-trial-handle=1892,i,17675608677618932416,11555870013865181942,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

elevation_service.exe (PID 2740)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads