Analysis
- max time kernel: 150s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/08/2023, 04:15
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: https://5x.to/bgbdxxxefz
  - Resource: win10v2004-20230703-en
General
- Target: https://5x.to/bgbdxxxefz
Malware Config
Signatures
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133373241463942863" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | process | events
  5096 | chrome.exe | 2
  3348 | chrome.exe | 2
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | process | events
  5096 | chrome.exe | 2
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | process | events
  Token: SeShutdownPrivilege | 5096 | chrome.exe | 32
  Token: SeCreatePagefilePrivilege | 5096 | chrome.exe | 32
  (the 64 rows alternate between the two privileges; every one is PID 5096)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | process | events
  5096 | chrome.exe | 26
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | process | events
  5096 | chrome.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | process | procid_target | events
  PID 5096 wrote to memory of 4584 | 5096 | chrome.exe | 56 | 2
  PID 5096 wrote to memory of 2724 | 5096 | chrome.exe | 84 | repeated
  PID 5096 wrote to memory of 2792 | 5096 | chrome.exe | 85 | 2
  PID 5096 wrote to memory of 2268 | 5096 | chrome.exe | 86 | repeated
  (all 64 writes originate from PID 5096; the 60 not itemised above are repeats of the 2724 and 2268 rows)
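Every WriteProcessMemory target above (4584, 2724, 2792, 2268) appears in the process tree below as a chrome.exe child of PID 5096, which is the browser handing its helper processes their startup data rather than injection into a foreign process. The script below is an added example, not part of the tria.ge report: it transcribes the tree and the distinct WriteProcessMemory rows from this page (nothing is fetched), checks each write target against its parent, and decodes the TraceTimeLast registry value on the assumption that it is a Windows FILETIME; the decoded time lands on this run's submission time, which supports that reading.

```python
"""Cross-check this report's behavioural signatures against its process tree.

Added example, not part of the tria.ge report. The process list and the
signature rows below are transcribed from the page; nothing is fetched.
"""
import re
from datetime import datetime, timedelta, timezone

# Process tree transcribed from the Processes section: pid -> (parent pid, image).
# Depth-1 processes (started by the sandbox harness) have parent None.
PROCESSES = {
    5096: (None, "chrome.exe"),   # --single-argument https://5x.to/bgbdxxxefz
    4584: (5096, "chrome.exe"),   # --type=crashpad-handler
    2724: (5096, "chrome.exe"),   # --type=gpu-process
    2792: (5096, "chrome.exe"),   # --type=utility network.mojom.NetworkService
    2268: (5096, "chrome.exe"),   # --type=utility storage.mojom.StorageService
    4052: (5096, "chrome.exe"),   # --type=renderer
    4984: (5096, "chrome.exe"),   # --type=renderer --first-renderer-process
    2964: (5096, "chrome.exe"),   # --type=utility chrome.mojom.ProcessorMetrics
    3980: (5096, "chrome.exe"),   # --type=utility chrome.mojom.UtilWin
    3348: (5096, "chrome.exe"),   # --type=gpu-process --disable-gpu-sandbox
    3172: (None, "elevation_service.exe"),
}

# The distinct WriteProcessMemory rows, in the flattened
# "<pid> wrote to memory of <target> <pid> <process> <procid_target>" form the
# report uses (the report lists 64 such rows, repeating these four).
WPM_ROWS = """\
5096 wrote to memory of 4584 5096 chrome.exe 56
5096 wrote to memory of 2724 5096 chrome.exe 84
5096 wrote to memory of 2792 5096 chrome.exe 85
5096 wrote to memory of 2268 5096 chrome.exe 86
"""

WPM_RE = re.compile(r"^(?:PID\s+)?(\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)$")


def parse_wpm(rows):
    """Return [(writer_pid, target_pid, writer_image, procid_target)] for every
    row in the report's format; lines that do not match are skipped."""
    out = []
    for line in rows.splitlines():
        m = WPM_RE.match(line.strip())
        if m:
            out.append((int(m[1]), int(m[2]), m[3], int(m[4])))
    return out


def explain_writes(rows, tree=PROCESSES):
    """Map each WriteProcessMemory target pid to a verdict.

    'child-of-writer': the tree shows the writer spawned the target, which is
    how a multi-process browser passes its children their startup state.
    'unexplained': the target is absent from the tree or has another parent,
    i.e. a genuine cross-process write that deserves a closer look.
    """
    verdicts = {}
    for writer, target, _image, _procid_target in parse_wpm(rows):
        parent = tree.get(target, (None, None))[0]
        verdicts[target] = "child-of-writer" if parent == writer else "unexplained"
    return verdicts


FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(value):
    """Decode a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)


if __name__ == "__main__":
    for pid, verdict in sorted(explain_writes(WPM_ROWS).items()):
        print(f"WriteProcessMemory 5096 -> {pid}: {verdict}")
    # TraceTimeLast from the HKEY_USERS signature in this report.
    stamp = filetime_to_utc(133373241463942863)
    print("TPM\\Telemetry\\TraceTimeLast =", stamp.strftime("%Y-%m-%d %H:%M:%S UTC"))
```

Run stand-alone it reports all four targets as child-of-writer and decodes TraceTimeLast to 2023-08-24 04:15:46 UTC, i.e. the sandbox clock at the moment of analysis. Feeding it a row whose target is not a child of the writer (a constructed line, not one from this report) yields unexplained, which is the case where the WriteProcessMemory signature would actually matter.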
Processes
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://5x.to/bgbdxxxefz
  PID: 5096
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc5169758,0x7fffc5169768,0x7fffc5169778
    PID: 4584
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1872,i,10061728528225814832,14385042287923274216,131072 /prefetch:2
    PID: 2724
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1872,i,10061728528225814832,14385042287923274216,131072 /prefetch:8
    PID: 2792
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1872,i,10061728528225814832,14385042287923274216,131072 /prefetch:8
    PID: 2268
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1872,i,10061728528225814832,14385042287923274216,131072 /prefetch:1
    PID: 4052
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1872,i,10061728528225814832,14385042287923274216,131072 /prefetch:1
    PID: 4984
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1872,i,10061728528225814832,14385042287923274216,131072 /prefetch:8
    PID: 2964
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1872,i,10061728528225814832,14385042287923274216,131072 /prefetch:8
    PID: 3980
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3656 --field-trial-handle=1872,i,10061728528225814832,14385042287923274216,131072 /prefetch:2
    PID: 3348
    - Suspicious behavior: EnumeratesProcesses
- "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 3172
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 264B
  MD5: 6107add78dd369c59f594954caf66bde
  SHA1: bdc0fbf0fadb515e4eaa667bb5efcd05581d2e49
  SHA256: 940d4fc0e6965973f33d5dca2574a98f63327b2f94b0539234d626e34c59d98c
  SHA512: d7b0f78d93ea78104cb9516452303e75d21cbbcd7106873a2f8b0389141907e0cab979e6b437a9948c426febba9a7599dae0acf993ee3e3bc1bebb050467d44c
- Filesize: 1KB
  MD5: bd8b3c37fcb1263bff078438f86a2220
  SHA1: 3a76ebed5195b2dc155019207d0f787957d61082
  SHA256: c0bd2729a0bcd4dd0e3aa7df521ff7e61cba7a8d836935a10e7c8212d44c14c4
  SHA512: d5463ee2a7bd9359de18b5876ef3332ba809c4e9bce676e0f7615f4aa93360460145a8919c171a83db16ba0defc79fa6f688eae898d596b899b0446aa992640d
- Filesize: 6KB
  MD5: 8c0f43c7d6a7d41df5e88ce55fe02a8b
  SHA1: adb1a9208fbd1cfdfca63461239ee879e91bb478
  SHA256: 22ad3dfd3f7ee06343efbc6bc4e535470fa09ed3529b2594b45662909caea2bd
  SHA512: 01f6e8253e7d584ce492a28609eb86522b50f5de408479b522d57afda0dccbfb8b33deaa9b604b63e3f6026c8694e66c007bae692a3f858f09c1cba82126eea4
- Filesize: 87KB
  MD5: 0563d1e76d3e6852d9bcd6b25ac125d1
  SHA1: b2f21a41fb915fe1648c58e2fa7d47262a2d7331
  SHA256: 84b2e4a44c0478d656506aa47ccc7af513113c70f83ad099bf10a020e03716ae
  SHA512: 821388156ee97481b3e3a1a7c1658dafdd382d3b0618d28927e4818270e971ec8ac07a7504ea887e259e72b3374a122859856d554fbeb1a85a7291b2ec8c909c
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd