Analysis
  max time kernel: 24s
  max time network: 32s
  platform: windows10-2004_x64
  resource: win10v2004-20230703-es
  resource tags: arch:x64, arch:x86, image:win10v2004-20230703-es, locale:es-es, os:windows10-2004-x64, system:windows
  submitted: 17/08/2023, 18:45
  Static task: static1
  URLScan task: urlscan1
  Behavioral task: behavioral1
    Sample: https://www.instagram.com/amancowavin/
    Resource: win10v2004-20230703-es

General
  Target: https://www.instagram.com/amancowavin/
Malware Config
Signatures
Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                        process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133367715710892838"  chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 1144  chrome.exe  (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid 1144  chrome.exe  (2 entries)
Suspicious use of AdjustPrivilegeToken (48 IoCs; the report alternates the two privileges, collapsed here to the distinct rows)
  description                       pid   process
  Token: SeShutdownPrivilege        1144  chrome.exe  (24 entries)
  Token: SeCreatePagefilePrivilege  1144  chrome.exe  (24 entries)
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid 1144  chrome.exe  (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid 1144  chrome.exe  (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs; collapsed to the distinct writer/target pairs)
  description                       pid   process     procid_target
  PID 1144 wrote to memory of 4564  1144  chrome.exe  83  (2 entries)
  PID 1144 wrote to memory of 3664  1144  chrome.exe  85
  PID 1144 wrote to memory of 1684  1144  chrome.exe  86  (2 entries)
  PID 1144 wrote to memory of 2584  1144  chrome.exe  89
  (the remaining 60 entries are repeats of the 3664 and 2584 rows; procid_target is the sandbox's internal process index, not a Windows PID)
Processes
  PID 1144  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.instagram.com/amancowavin/
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID 4564  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbffa9758,0x7fffbffa9768,0x7fffbffa9778
    PID 3664  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1808,i,7250553013326543802,14511944348379437645,131072 /prefetch:2
    PID 1684  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1808,i,7250553013326543802,14511944348379437645,131072 /prefetch:8
    PID 528   "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2832 --field-trial-handle=1808,i,7250553013326543802,14511944348379437645,131072 /prefetch:1
    PID 4756  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2808 --field-trial-handle=1808,i,7250553013326543802,14511944348379437645,131072 /prefetch:1
    PID 2584  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1808,i,7250553013326543802,14511944348379437645,131072 /prefetch:8
    PID 3964  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1808,i,7250553013326543802,14511944348379437645,131072 /prefetch:8
    PID 3628  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1808,i,7250553013326543802,14511944348379437645,131072 /prefetch:8
  PID 4328  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
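The WriteProcessMemory signature fires 64 times, but every row is PID 1144 writing into a chrome.exe process listed directly beneath it. A parent writing into a child it has just spawned is ordinary process start-up (Chrome's sandbox broker copies policy data into each new child this way); the pattern worth escalating is a write into a process that is not the writer's child or has a different image. The following added example, which is not part of the report or of tria.ge's tooling, collapses the rows, rebuilds the parent/child relation from the report's indentation, and labels each write. The rows and process list are transcribed from this page; the depth-based parent inference and the verdict labels are this example's own assumptions.

```python
import re

# Constructed input for this example: the four distinct WriteProcessMemory rows
# from the signature table (the report repeats them 64 times in total) and the
# process list, with the depth the report shows as indentation.
WPM_ROWS = """
PID 1144 wrote to memory of 4564 1144 chrome.exe 83
PID 1144 wrote to memory of 3664 1144 chrome.exe 85
PID 1144 wrote to memory of 1684 1144 chrome.exe 86
PID 1144 wrote to memory of 2584 1144 chrome.exe 89
"""

# (depth, pid, image, role taken from the command line)
PROCESSES = [
    (1, 1144, "chrome.exe", "browser"),
    (2, 4564, "chrome.exe", "--type=crashpad-handler"),
    (2, 3664, "chrome.exe", "--type=gpu-process"),
    (2, 1684, "chrome.exe", "--type=utility"),
    (2, 528, "chrome.exe", "--type=renderer"),
    (2, 4756, "chrome.exe", "--type=renderer"),
    (2, 2584, "chrome.exe", "--type=utility"),
    (2, 3964, "chrome.exe", "--type=utility"),
    (2, 3628, "chrome.exe", "--type=utility"),
    (1, 4328, "elevation_service.exe", "service"),
]

# description, pid, process, procid_target (the sandbox's internal index)
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)\s+(\d+)\s+(\S+)\s+(\d+)$")

STARTUP = "parent -> own child (process start-up)"
SIBLING = "write between unrelated same-image processes"
FOREIGN = "write into a foreign process (injection pattern)"
UNKNOWN = "target not in process list"


def parse_wpm(text):
    """Collapse the signature rows to the set of (writer_pid, target_pid) pairs."""
    pairs = set()
    for line in text.strip().splitlines():
        m = WPM_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        pairs.add((int(m.group(1)), int(m.group(2))))
    return pairs


def build_tree(processes):
    """pid -> (image, parent_pid). Assumption: a depth-N entry is the child of
    the nearest preceding depth-(N-1) entry, which is how the indentation reads."""
    tree, stack = {}, []
    for depth, pid, image, _role in processes:
        del stack[depth - 1:]          # close any deeper branches
        tree[pid] = (image, stack[-1] if stack else None)
        stack.append(pid)
    return tree


def classify(writer, target, tree):
    """Label one cross-process write; only a parent writing into its own
    same-image child is treated as ordinary start-up behaviour."""
    if target not in tree:
        return UNKNOWN
    w_image = tree.get(writer, ("?", None))[0]
    t_image, t_parent = tree[target]
    if t_parent == writer and t_image == w_image:
        return STARTUP
    if t_image == w_image:
        return SIBLING
    return FOREIGN


def triage(rows, processes):
    tree = build_tree(processes)
    return {pair: classify(pair[0], pair[1], tree) for pair in parse_wpm(rows)}


def all_startup_writes(verdicts):
    """True when nothing in the signature needs a closer look."""
    return all(v == STARTUP for v in verdicts.values())


if __name__ == "__main__":
    for (w, t), verdict in sorted(triage(WPM_ROWS, PROCESSES).items()):
        print(f"{w} -> {t}: {verdict}")
```

Run as-is it prints the four pairs, all labelled as start-up writes; swap in a row such as `PID 1144 wrote to memory of 4328 ...` and the elevation_service.exe target comes back as a foreign-process write, which is the case that would justify the "suspicious" tag.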
Network
MITRE ATT&CK Matrix
Downloads
  1. Filesize: 360B
     MD5: e85e07249d6b3ccbd87ae59a1a8eb6d2
     SHA1: b021e420306ff7f6f71d5377ea856176776e03f2
     SHA256: 49d420473caa620775969660baffa8074d8099719546f08040e43775a5788056
     SHA512: ad63584bd0da9e28f0d2297a7933717ae5faa41742592e934fba2d7f45a65763d0a4d43fa2fa0247b3b8a67afcdce599be53aa0c7c5761ce987d50b5b0860224
  2. Filesize: 707B
     MD5: 28b826429c34eb301ec4ea3f7495106b
     SHA1: bfc24d196efe78179d8310f6bcdaa97a62e141ef
     SHA256: 8521a8f13ab9534cd7e8c870d9008e70dc2e1c15fbb1db86f7107a61e889b28d
     SHA512: 66ea0d30a78ea217c7ed415094a5296071adc4964119e0ebef5be831501a329e6e031b8fa6f82283a1032e65f07917a065febe74fc298eb950955e87c2296bfe
  3. Filesize: 6KB
     MD5: 5496801f8a77145dce355dda0b11b87c
     SHA1: 9980f15840f57745bdd956e2a545c23004181c29
     SHA256: ed9b5734b3ce58dbb7d84915e967d5dd3539235a1ab558351cf4efb374cf21c0
     SHA512: e95eeb4ffe5bee18f7c5532d2588f75fe72dc613b6adb04b257377d578a6e62968c8387c01131f9276affdcdcbc5e45b04ac1d256f97d93ff94006182d2a07d0
  4. Filesize: 87KB
     MD5: 9b68d4e17b5d1e77033b27482f9ed87d
     SHA1: d0e13dba1488b093a0e5df22358868417e83b4de
     SHA256: 873e6d5c831171633d16304a51be46387c1e59d98cf5f4e8f660f7b6fb9f6bb1
     SHA512: e1ecc5285155bc59536c37112368e476d2f436f738ee0a1308517768380471f4281b780480834baad10bf303dd3885b3ffa73bb34d09c96e66c34e1134c88c4c
  5. Filesize: 2B
     MD5: 99914b932bd37a50b983c5e7c90ae93b
     SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
     SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
     SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
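The downloads list gives sizes and digests but no file names, so the first thing worth doing before treating any of them as a dropped payload is to test whether the tiny ones are just well-known trivial contents. The added example below, which is not part of the report or of tria.ge's tooling, hashes a short table of such byte strings and reports which entries match on MD5, SHA-1 and SHA-256 together; run over the section above it identifies the 2 B file as the two-byte string `{}` (an empty JSON object). The entries are transcribed from this page with SHA-512 left out; the table of trivial contents is this example's own choice.

```python
import hashlib

# Constructed input for this example: the five Downloads entries above, transcribed
# with their MD5 / SHA-1 / SHA-256 values (SHA-512 omitted to keep the block short).
DOWNLOADS = """\
Filesize: 360B
MD5: e85e07249d6b3ccbd87ae59a1a8eb6d2
SHA1: b021e420306ff7f6f71d5377ea856176776e03f2
SHA256: 49d420473caa620775969660baffa8074d8099719546f08040e43775a5788056

Filesize: 707B
MD5: 28b826429c34eb301ec4ea3f7495106b
SHA1: bfc24d196efe78179d8310f6bcdaa97a62e141ef
SHA256: 8521a8f13ab9534cd7e8c870d9008e70dc2e1c15fbb1db86f7107a61e889b28d

Filesize: 6KB
MD5: 5496801f8a77145dce355dda0b11b87c
SHA1: 9980f15840f57745bdd956e2a545c23004181c29
SHA256: ed9b5734b3ce58dbb7d84915e967d5dd3539235a1ab558351cf4efb374cf21c0

Filesize: 87KB
MD5: 9b68d4e17b5d1e77033b27482f9ed87d
SHA1: d0e13dba1488b093a0e5df22358868417e83b4de
SHA256: 873e6d5c831171633d16304a51be46387c1e59d98cf5f4e8f660f7b6fb9f6bb1

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
"""

# Tiny byte strings that sandboxes routinely list as "dropped files". This table
# is an assumption of the example; extend it with whatever your environment sees.
TRIVIAL = {
    b"": "empty file",
    b"{}": "empty JSON object",
    b"[]": "empty JSON array",
    b"\n": "single newline",
    b"{}\n": "empty JSON object + newline",
    b"[]\n": "empty JSON array + newline",
}


def parse_downloads(text):
    """Split the 'Key: value' blocks into dicts keyed by lower-cased field name."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            entry[key.strip().lower()] = value.strip()
        entries.append(entry)
    return entries


def exact_size(size_str):
    """'2B' -> 2. 'KB'/'MB' figures are rounded by the report, so they give None."""
    digits = size_str[:-1]
    return int(digits) if size_str.endswith("B") and digits.isdigit() else None


def digests(data):
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def label_trivial(entry):
    """Return the TRIVIAL label whose MD5, SHA-1 and SHA-256 all match, else None."""
    size = exact_size(entry["filesize"])
    for content, label in TRIVIAL.items():
        if size is not None and len(content) != size:
            continue  # cheap pre-filter; the three digests are the real check
        d = digests(content)
        if all(d[alg] == entry[alg].lower() for alg in ("md5", "sha1", "sha256")):
            return label
    return None


def triage_downloads(text):
    """sha256 -> trivial-content label (or None) for every entry in the section."""
    return {e["sha256"]: label_trivial(e) for e in parse_downloads(text)}


if __name__ == "__main__":
    for sha256, label in triage_downloads(DOWNLOADS).items():
        print(f"{sha256[:16]}...  {label or 'no trivial match'}")
```

Requiring all three digests to agree guards against a transcription slip in any one of them; the size pre-filter only skips candidates that cannot match, so removing it changes nothing but speed.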