Analysis
max time kernel: 377s
max time network: 369s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/08/2023, 14:17
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://privatefilesbucket-community-edition.s3.us-west-2.amazonaws.com/9.4.0.0-343/ce/client-tools/pdi-ce-9.4.0.0-343.zip.sum
Resource: win10-20230703-en
Behavioral task: behavioral2
Sample: https://privatefilesbucket-community-edition.s3.us-west-2.amazonaws.com/9.4.0.0-343/ce/client-tools/pdi-ce-9.4.0.0-343.zip.sum
Resource: win10v2004-20230703-en
General
Target: https://privatefilesbucket-community-edition.s3.us-west-2.amazonaws.com/9.4.0.0-343/ce/client-tools/pdi-ce-9.4.0.0-343.zip.sum
Malware Config
Signatures
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133365827540159230" | chrome.exe
Suspicious behavior: EnumeratesProcesses (5 IoCs)
pid | Process
4460 | chrome.exe
4460 | chrome.exe
4460 | chrome.exe
4308 | chrome.exe
4308 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
4460 | chrome.exe
4460 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 4460 | chrome.exe
Token: SeCreatePagefilePrivilege | 4460 | chrome.exe
(the two rows above alternate for all 64 entries: 32 SeShutdownPrivilege and 32 SeCreatePagefilePrivilege, all from PID 4460 chrome.exe)
Suspicious use of FindShellTrayWindow (33 IoCs)
pid | Process
4460 | chrome.exe
(the same row is repeated for all 33 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
4460 | chrome.exe
(the same row is repeated for all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 4460 wrote to memory of 4232 | 4460 | chrome.exe | 37
PID 4460 wrote to memory of 4232 | 4460 | chrome.exe | 37
PID 4460 wrote to memory of 2484 | 4460 | chrome.exe | 83
(the row above is repeated many times)
PID 4460 wrote to memory of 548 | 4460 | chrome.exe | 87
PID 4460 wrote to memory of 548 | 4460 | chrome.exe | 87
PID 4460 wrote to memory of 1760 | 4460 | chrome.exe | 84
(the row above is repeated many times; 64 entries in total)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://privatefilesbucket-community-edition.s3.us-west-2.amazonaws.com/9.4.0.0-343/ce/client-tools/pdi-ce-9.4.0.0-343.zip.sum
    PID: 4460
    Signatures:
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    Child processes:
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd1d429758,0x7ffd1d429768,0x7ffd1d429778
            PID: 4232
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1880,i,17712339583617363966,8606455542470216504,131072 /prefetch:2
            PID: 2484
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1880,i,17712339583617363966,8606455542470216504,131072 /prefetch:8
            PID: 1760
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1880,i,17712339583617363966,8606455542470216504,131072 /prefetch:1
            PID: 3252
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1880,i,17712339583617363966,8606455542470216504,131072 /prefetch:1
            PID: 1712
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1880,i,17712339583617363966,8606455542470216504,131072 /prefetch:8
            PID: 548
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1880,i,17712339583617363966,8606455542470216504,131072 /prefetch:8
            PID: 4700
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1880,i,17712339583617363966,8606455542470216504,131072 /prefetch:8
            PID: 4132
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1880,i,17712339583617363966,8606455542470216504,131072 /prefetch:8
            PID: 2440
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 --field-trial-handle=1880,i,17712339583617363966,8606455542470216504,131072 /prefetch:2
            PID: 4308
            Signatures:
            - Suspicious behavior: EnumeratesProcesses
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID: 4308
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 824B
MD5: 20aa94ed22d27de924b841742e01ce01
SHA1: 82f29d28905b8039fbb5a33b57ef479840f9bf01
SHA256: f8978142c3c5bc13c99fd249e0b6a283abaddc2bb076fd6ebb74b7d45347ac21
SHA512: 7b49f471fc40503c6954500e8a7477fde78dba572bf6c8ab0e7e05908ca14a612810fadb2063aac56568a204740409a11147437bfa32e2ad31ad49bdb5b008d6

Filesize: 6KB
MD5: 82a3f8d7bc032e1be0157d4a0840f45c
SHA1: d698e2b257f20866946c608d9c0e7cc2ff34f3f6
SHA256: 0dd0aa4b2557da4556be0288ffbb2cd68f83677b96e4d08122e6a4ae36c4d059
SHA512: b5ae6b068e067ec6131862af85ef9cbb73c54aeac39b966b8e8b2a0e84cbe39cd25fa7744e86f6c6d51c3263b8ea18902e641883f3f5092b426f7da31248367a

Filesize: 87KB
MD5: 1b71ae6dccf3c70b0bd571525860c538
SHA1: 72c334a6181b2f70732eccc1f6f71eb17787b319
SHA256: fae4a12128c77cb914b14ce87e1d4e4e9c7ffb83cdbf0b933aad6772ac3b0dde
SHA512: 1b2ef054b08f8ca44f086f02080f9d8293aa107a78de10c10d4bfc2bc4ac349acd546b370b7042ed9bcd0f07772b4ef6991bd6afb36edca241e96091651a92c4

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd