Analysis
max time kernel: 112s
max time network: 103s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/08/2023, 02:06
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://quickyoe.online/H8dsT
Resource: win10v2004-20230703-en
General
Target: http://quickyoe.online/H8dsT
Malware Config
Signatures
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133371436434851960" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  1588 | chrome.exe
  (both entries are pid 1588 chrome.exe)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  1588 | chrome.exe
  (all 7 entries are pid 1588 chrome.exe)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 1588 | chrome.exe
  Token: SeCreatePagefilePrivilege | 1588 | chrome.exe
  (the 64 entries alternate between these two tokens; every entry is pid 1588 chrome.exe)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  1588 | chrome.exe
  (all 26 entries are pid 1588 chrome.exe)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  1588 | chrome.exe
  (all 24 entries are pid 1588 chrome.exe)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1588 wrote to memory of 2768 | 1588 | chrome.exe | 51
  PID 1588 wrote to memory of 2448 | 1588 | chrome.exe | 86
  PID 1588 wrote to memory of 4976 | 1588 | chrome.exe | 87
  PID 1588 wrote to memory of 1728 | 1588 | chrome.exe | 91
  (the 64 entries repeat these four target processes; 2768 and 4976 appear twice each, the remaining entries are writes to 2448 and 1728)
Processes
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://quickyoe.online/H8dsT
  PID: 1588
  Signatures:
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c9729758,0x7ff9c9729768,0x7ff9c9729778
    PID: 2768
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1820,i,11512071469584618911,6179044536248940365,131072 /prefetch:2
    PID: 2448
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1820,i,11512071469584618911,6179044536248940365,131072 /prefetch:8
    PID: 4976
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1820,i,11512071469584618911,6179044536248940365,131072 /prefetch:1
    PID: 3056
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1820,i,11512071469584618911,6179044536248940365,131072 /prefetch:1
    PID: 4872
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1708 --field-trial-handle=1820,i,11512071469584618911,6179044536248940365,131072 /prefetch:8
    PID: 1728
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4052 --field-trial-handle=1820,i,11512071469584618911,6179044536248940365,131072 /prefetch:1
    PID: 3948
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3268 --field-trial-handle=1820,i,11512071469584618911,6179044536248940365,131072 /prefetch:1
    PID: 2252
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1820,i,11512071469584618911,6179044536248940365,131072 /prefetch:8
    PID: 2644
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1820,i,11512071469584618911,6179044536248940365,131072 /prefetch:8
    PID: 936
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4988 --field-trial-handle=1820,i,11512071469584618911,6179044536248940365,131072 /prefetch:1
    PID: 1332
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3792 --field-trial-handle=1820,i,11512071469584618911,6179044536248940365,131072 /prefetch:1
    PID: 2308
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3796 --field-trial-handle=1820,i,11512071469584618911,6179044536248940365,131072 /prefetch:1
    PID: 1368
- "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 1424
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 824B
  MD5: 0c28aa2bb0bd464826e4587c4fd02801
  SHA1: 8c5162321e562fcc9f3273bd6d46886a660a130b
  SHA256: 118b16bdcbfad3433e0438d0abbdf11a7eaa02e14479d90e2f7dc1ed5c07659b
  SHA512: 5c72ed7aa66e1c99d79e5e842a6892cb212dfbef8203b623af65eae627bec955ee39703b525c7a6168e9d007b2b1e2f45695d0d0691894a3afd272e06e51a39e
- Filesize: 6KB
  MD5: 31db66c3867761efec2ded4e1570a0ce
  SHA1: bbb4bfed15478969f581050caf6158c63b90de2d
  SHA256: 41c6152e9b24c695887f8250971606f754c069e4d90ce01ad12848cd9d71b782
  SHA512: 30fa68ce4885739b30185ee44153798f7833692e1c08201f3c784af71ea328a8f2f1bf59c7f4edf35c0483a5713a2bc3a7f7252c497a2ed975cc7130764b4936
- Filesize: 6KB
  MD5: 1499f0028e1400f3f6998bd6ef836831
  SHA1: 57fcc85ce96fca7c8848ec2810dff48a82cc26da
  SHA256: ec9932c1e4b85e9c4ab1947b34e8a6906367dfcbcf4619054855fb6d80d23b9f
  SHA512: 7267123820dd0bb9514d0d84b1f7756827a721598636c17e40773414376cae7b58be9054f8f5b95c61d72fdb5dffc76f68a2e0f8efb6e71f9b359edafd455747
- Filesize: 87KB
  MD5: 4e4a124130c5f30f72a9ddcb2e9dd355
  SHA1: d5e383feee0e2c1989bdb79b4a49634dea850af6
  SHA256: e1c593ff77ae79624137464f7824e1d1e0753f7b7ee11a5f5c701e35c371325a
  SHA512: ec207184045f6569d9a970b42865047472369f9e98c095ca4ca825e9ad92c5c3e78a643aa5cbb64c2b76c06d49ec10d71b810917664040e2f9a65f2fcb9ef6c8
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd