Analysis
max time kernel: 16s
max time network: 18s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/08/2023, 03:37
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://my.clients-calculation.com
Resource: win10v2004-20230703-en
General
Target: http://my.clients-calculation.com
Malware Config
Signatures
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133371490465579615" | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs; identical rows collapsed)
pid | Process
1256 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs; identical rows collapsed)
pid | Process
1256 | chrome.exe

Suspicious use of AdjustPrivilegeToken (28 IoCs; identical rows collapsed, the two rows alternate throughout)
description | pid | Process
Token: SeShutdownPrivilege | 1256 | chrome.exe
Token: SeCreatePagefilePrivilege | 1256 | chrome.exe

Suspicious use of FindShellTrayWindow (26 IoCs; identical rows collapsed)
pid | Process
1256 | chrome.exe

Suspicious use of SendNotifyMessage (24 IoCs; identical rows collapsed)
pid | Process
1256 | chrome.exe

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed)
description | pid | Process | procid_target
PID 1256 wrote to memory of 1744 | 1256 | chrome.exe | 80
PID 1256 wrote to memory of 5064 | 1256 | chrome.exe | 84
PID 1256 wrote to memory of 656 | 1256 | chrome.exe | 85
PID 1256 wrote to memory of 1532 | 1256 | chrome.exe | 86
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1256)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://my.clients-calculation.com
  Signatures:
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 1256:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1744, crashpad-handler)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4bed9758,0x7ffe4bed9768,0x7ffe4bed9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5064, gpu-process)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1856,i,7554710326374485304,4403997549373702501,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 656, utility: network.mojom.NetworkService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1856,i,7554710326374485304,4403997549373702501,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1532, utility: storage.mojom.StorageService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1856,i,7554710326374485304,4403997549373702501,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4828, renderer)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2796 --field-trial-handle=1856,i,7554710326374485304,4403997549373702501,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2276, renderer)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2780 --field-trial-handle=1856,i,7554710326374485304,4403997549373702501,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1416, renderer)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5068 --field-trial-handle=1856,i,7554710326374485304,4403997549373702501,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2736, renderer)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5088 --field-trial-handle=1856,i,7554710326374485304,4403997549373702501,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1936, renderer)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3944 --field-trial-handle=1856,i,7554710326374485304,4403997549373702501,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 384, utility: chrome.mojom.ProcessorMetrics)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1856,i,7554710326374485304,4403997549373702501,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4444, utility: chrome.mojom.UtilWin)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1856,i,7554710326374485304,4403997549373702501,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4516)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix
Downloads