Analysis

max time kernel: 599s
max time network: 490s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/08/2023, 13:28
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://celebratethegrey.com/www/b/babe.php
Resource: win10v2004-20230703-en

General

Target: http://celebratethegrey.com/www/b/babe.php
Malware Config
Signatures

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                   Process
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133370981492202681"  chrome.exe
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  2996  chrome.exe
  2996  chrome.exe
  3408  chrome.exe
  3408  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid   Process
  2996  chrome.exe   (x3)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   Process
  Token: SeShutdownPrivilege        2996  chrome.exe   (x32)
  Token: SeCreatePagefilePrivilege  2996  chrome.exe   (x32)
  (rows alternate between the two tokens)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  2996  chrome.exe   (x26)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2996  chrome.exe   (x24)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 2996 wrote to memory of 2084  2996  chrome.exe  82   (x2)
  PID 2996 wrote to memory of 1600  2996  chrome.exe  88   (repeated)
  PID 2996 wrote to memory of 1020  2996  chrome.exe  85   (x2)
  PID 2996 wrote to memory of 1616  2996  chrome.exe  84   (repeated)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  PID:2996
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://celebratethegrey.com/www/b/babe.php
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:2084
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7dfd9758,0x7ffa7dfd9768,0x7ffa7dfd9778

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:1616
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1876,i,7515284479805212533,13572745025042568981,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:1020
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1876,i,7515284479805212533,13572745025042568981,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:3284
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2776 --field-trial-handle=1876,i,7515284479805212533,13572745025042568981,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:2272
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2772 --field-trial-handle=1876,i,7515284479805212533,13572745025042568981,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:1600
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,7515284479805212533,13572745025042568981,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:2688
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1876,i,7515284479805212533,13572745025042568981,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:3216
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1876,i,7515284479805212533,13572745025042568981,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:5028
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4964 --field-trial-handle=1876,i,7515284479805212533,13572745025042568981,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:3728
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1876,i,7515284479805212533,13572745025042568981,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:3408
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5316 --field-trial-handle=1876,i,7515284479805212533,13572745025042568981,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  PID:2480
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 824B
MD5: 783b7334fede53af3d0bfd9400bb343d
SHA1: c03191cc709720929444cf40a33233b30ac9a3af
SHA256: c77df27f3d323a91a956658b224621af65ced490227fc1d875bccac0bd93d298
SHA512: 24357a18319dadb09a34bf5047173057de77ffcc431da3942f807b9ab43696012c3d856406b9dc64dba264a84a487f448c86b758c0ff308c0b32f5b95f2906f0

Filesize: 7KB
MD5: 3e3eeedb654832817b24fe70ee25bb75
SHA1: 330f998acfbb7bee91be50baf5ac091bf4b2039d
SHA256: 52535775b2f196e8f6cc7422b4ba6c21ef2958ac7661d1eb106589aef0c698c2
SHA512: 9958f02189e585884ae39647ca57e3c3a5953f2a977b015e8f2e20dc6a4ea02e12b6e296e8632ecc884e043159d678cabe97d8cb56a36b6de7d06744ab4b0de3

Filesize: 6KB
MD5: 55965307f9ca22ba2a527b133e5f6478
SHA1: 41745547ce1bde07217d1f6f813a6e6ef506b92b
SHA256: 1aaffbf378f566192a3b90060f67f9c04e53c5e8011edd1176ea777939918ee2
SHA512: dafd12f74631e0901f733d426ee424fe61c2862fb292b5ec1f9972bb6288ac452ba0c88f992bc46fe08274128f1ace2eb0a58097d8cca03406570477f8f697d3

Filesize: 87KB
MD5: d476bfd8e37c90330f58a7c9936c0315
SHA1: 942c68873523d69d0d0f3ae3137e91a4893233ad
SHA256: 6361de3957503bf0c0449a7116a749c6273b5f177a4d51a852c80d82d30342f8
SHA512: 7154def393cf563ac21a1c57e8c29dd590dd4cb3a62e8da82e664346af250c979d04f1692660c6bd4d1f5d7475a995fefe2e0b983d01706b3307e7933369dfc1

Filesize: 101KB
MD5: 8814aa4d0c5afe4073b5bda690dc9692
SHA1: 99a72b4a04203b77b67ca9d8d8d7c3f08822b7fa
SHA256: 29c2204c65e4dbb648335a4496dfc9aef0c0b5d4256975a7a45a9b95f1d399a7
SHA512: f4c641227a096684ef472bbf154b8fc8de75a44259e88cd545968542ffc7a5db96dcedf767c801b190bf508000a3546b76d551dea53518187f9ef01e04ebd3a7

Filesize: 97KB
MD5: e122a217bdf7af913dc65afad96a60c6
SHA1: 1fbe7549506b7f5e03aefe37cfab958cddc1602d
SHA256: 36cd83ab69617ede00167c1d1879908ed3091dc3415f8c4f779a7e78a7746d37
SHA512: 23e2cc00076f2b168f591614b75e3badd54219f99e9db95b26590afd2e6097499f38ff50194752227302472d386a05959f7f8cb8c1d1f218ae160eb7d9a4be85

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd