Analysis
  max time kernel:   300s
  max time network:  279s
  platform:          windows10-2004_x64
  resource:          win10v2004-20230703-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         22/08/2023, 22:50
Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1
  Sample:    http://australian-tax.services/au
  Resource:  win10v2004-20230703-en
General
  Target:  http://australian-tax.services/au
Malware Config
Signatures
Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                         Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                       chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133372182798015407"  chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  3716  chrome.exe
  3716  chrome.exe
  3020  chrome.exe
  3020  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid   Process
  3716  chrome.exe
  3716  chrome.exe
  3716  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   Process
  Token: SeShutdownPrivilege        3716  chrome.exe
  Token: SeCreatePagefilePrivilege  3716  chrome.exe
  (the two rows above alternate through all 64 entries; every entry is pid 3716, chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  3716  chrome.exe
  (26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3716  chrome.exe
  (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 3716 wrote to memory of 3972  3716  chrome.exe  82
  PID 3716 wrote to memory of 3924  3716  chrome.exe  84
  PID 3716 wrote to memory of 3168  3716  chrome.exe  85
  PID 3716 wrote to memory of 1328  3716  chrome.exe  86
  (each row is repeated in the original listing, in the order shown; 64 entries in total)
Processes
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://australian-tax.services/au
    PID: 3716
    Signatures:
      - Modifies data under HKEY_USERS
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory
    Child processes:
      C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ae29758,0x7ffa1ae29768,0x7ffa1ae29778
        PID: 3972
      C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1752,i,12677671240222296001,6762612312827141299,131072 /prefetch:2
        PID: 3924
      C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1752,i,12677671240222296001,6762612312827141299,131072 /prefetch:8
        PID: 3168
      C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1752,i,12677671240222296001,6762612312827141299,131072 /prefetch:8
        PID: 1328
      C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1752,i,12677671240222296001,6762612312827141299,131072 /prefetch:1
        PID: 4888
      C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1752,i,12677671240222296001,6762612312827141299,131072 /prefetch:1
        PID: 3176
      C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1752,i,12677671240222296001,6762612312827141299,131072 /prefetch:1
        PID: 1664
      C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1752,i,12677671240222296001,6762612312827141299,131072 /prefetch:8
        PID: 872
      C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1752,i,12677671240222296001,6762612312827141299,131072 /prefetch:8
        PID: 3548
      C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2544 --field-trial-handle=1752,i,12677671240222296001,6762612312827141299,131072 /prefetch:2
        PID: 3020
        Signatures:
          - Suspicious behavior: EnumeratesProcesses
  C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID: 5052
Network
MITRE ATT&CK Matrix
Downloads
  Filesize:  72B
  MD5:       2497cd75e2a7cce38333d81604821ff3
  SHA1:      34b4c2f5b47f0220de7e229187f69618e15e855e
  SHA256:    81fb850832e4f65d8d6d74a3ae7a3046e78058ca4f8b249ce315d67d68fcf46c
  SHA512:    c8e9cf0a7e112b323e1cdefb94202b82cb4ca0c637ac5af368cb7ee030d59385829661c02ac40903882cf7e2c53564fc62a6fdb136af9eb7e2c8b295a9765c00

  Filesize:  1KB
  MD5:       699657a83d24e6af76176b869e6d6968
  SHA1:      8871c4904120aeca9f0c7dba5321de06c856d006
  SHA256:    3e83af731fe9ee38c1a8ade6b0c39df17c4f3123d2b11fef10e5ed39e0657d6d
  SHA512:    42281e51e34766bb01a439bc3ded5198ac46980062dc2e5ea608ac94fcc48e01daf7e81acc4c5fa875abcb6306a17da6050471ae09522d22b3edca672fb040ed

  Filesize:  1KB
  MD5:       2cbb2b33bf2c8bdb737487a86e77e3b7
  SHA1:      3fe5a7cb9256ecef38351fc4a2ec8b6b2fa3a175
  SHA256:    bd0ebd91a854f69352bb15f658591c5466378df736806e5badfe72b8f8909bf6
  SHA512:    67f750925320aace7d3bcb0d1b8f08b3738e597f3fbde328f1272e17c7209875d6acc908a45b9ed32e7abdb1d47fdb4a3663c88b17a657a8ce0321cf037fd0ea

  Filesize:  539B
  MD5:       3629bb76c5002066f6f70b8b728084f1
  SHA1:      0e4b39aa1e95431492f443e6f4349e71bb79b1f0
  SHA256:    f6441ff62fbb4638b2efab4c24709736ec9f8aeaad5157fa47037bd6870f9aba
  SHA512:    1daf42064a082eb4c7ac34b2f0a670b9f34c1d96b42b275afb851b3d4afebe1fcde049ff30517d8d6e5889c997f37d55e5a73608df2c4951d4e95e4878cb38d0

  Filesize:  6KB
  MD5:       5cdde1494c66b4094c089bb53742d6a0
  SHA1:      8bfe823295e4d89349f484baddb3985de80ddaf3
  SHA256:    96a322d91383a54e5be4fd89bdd02141602408c42126f127db92a1643ac9c894
  SHA512:    a76c02d54ddd4ecb78ba1b12a992356e17ed3d531eac1d69c8b5f562b811fa5a633d83a7489b1b6e0f20ace374356ca048784d4b88d5691e9e734b945b7827b6

  Filesize:  87KB
  MD5:       fda306d51d5739fe6870e89b80318efb
  SHA1:      e5fb3a425ea11c794265f92cb286c933cece2386
  SHA256:    172d11491b8d7b78d574dc5cbeb99586e405fbf6a34ec83659239cc1087e499f
  SHA512:    3c30a64c0488d4244bb653903712cdb4daaa4e49995e4e05d67a8e55e666e5f5ba393ff5c44979827c60317d16684add3b1a8bbe64484ac095106d0475c5f18b

  Filesize:  2B
  MD5:       99914b932bd37a50b983c5e7c90ae93b
  SHA1:      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256:    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512:    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd