Analysis
- max time kernel: 150s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17/08/2023, 14:04
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: http://tcp://chromedata.accesscam.org:2900
- Resource: win10v2004-20230703-en
General
- Target: http://tcp://chromedata.accesscam.org:2900
Malware Config
Signatures
Modifies data under HKEY_USERS 2 IoCs
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (process: chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133367546634211202" (process: chrome.exe)
Suspicious behavior: EnumeratesProcesses 4 IoCs
- pid 4468 chrome.exe
- pid 4468 chrome.exe
- pid 636 chrome.exe
- pid 636 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
- pid 4468 chrome.exe
- pid 4468 chrome.exe
- pid 4468 chrome.exe
- pid 4468 chrome.exe
- pid 4468 chrome.exe
- pid 4468 chrome.exe
- pid 4468 chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4468)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://tcp://chromedata.accesscam.org:2900
  Signatures:
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1584)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff03de9758,0x7fff03de9768,0x7fff03de9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1544)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1780,i,15073000220675634138,3216613604146042402,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1412)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1780,i,15073000220675634138,3216613604146042402,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4540)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1780,i,15073000220675634138,3216613604146042402,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4312)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2756 --field-trial-handle=1780,i,15073000220675634138,3216613604146042402,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1592)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2764 --field-trial-handle=1780,i,15073000220675634138,3216613604146042402,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1972)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4024 --field-trial-handle=1780,i,15073000220675634138,3216613604146042402,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4208 --field-trial-handle=1780,i,15073000220675634138,3216613604146042402,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3376)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1780,i,15073000220675634138,3216613604146042402,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4448)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4036 --field-trial-handle=1780,i,15073000220675634138,3216613604146042402,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3680)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3912 --field-trial-handle=1780,i,15073000220675634138,3216613604146042402,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4440)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4460 --field-trial-handle=1780,i,15073000220675634138,3216613604146042402,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3340)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4664 --field-trial-handle=1780,i,15073000220675634138,3216613604146042402,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 636)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 --field-trial-handle=1780,i,15073000220675634138,3216613604146042402,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 3592)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads