Analysis

- max time kernel: 120s
- max time network: 97s
- platform: windows10-2004_x64
- resource: win10v2004-20230703-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/08/2023, 14:39
Tasks

- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: https://www.diamondglass.in/
  - Resource: win10v2004-20230703-en
General

- Target: https://www.diamondglass.in/

Malware Config
Signatures

Every IoC below is attributed to Chrome's own browser process (PID 2972, chrome.exe); none is tied to content fetched from the target URL. Taken together they describe an ordinary browser start-up in the sandbox, not behaviour of the site.

Modifies data under HKEY_USERS (2 IoCs)

- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133373615791450673" (chrome.exe)

S-1-5-19 is the LOCAL SERVICE account. TraceTimeLast is a Windows FILETIME (100 ns ticks since 1601-01-01); 133373615791450673 converts to 2023-08-24 14:39 UTC, the time of this run, so the value is a housekeeping timestamp written during the analysis and carries no information about the target site.
Suspicious behavior: EnumeratesProcesses (2 IoCs)

- pid 2972 chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

- pid 2972 chrome.exe (2 entries)

The second signature records the browser process creating children with the "block non-Microsoft binaries" process-creation mitigation, which is a hardening Chromium applies to its sandboxed child processes rather than an indicator of compromise.
Suspicious use of AdjustPrivilegeToken (64 IoCs)

- Token: SeShutdownPrivilege, pid 2972 chrome.exe (32 entries)
- Token: SeCreatePagefilePrivilege, pid 2972 chrome.exe (32 entries)

The 64 entries alternate strictly between the two privileges and all belong to the browser process (PID 2972); no child process adjusts its token.
Suspicious use of FindShellTrayWindow (26 IoCs)

- pid 2972 chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)

- pid 2972 chrome.exe (24 entries)

Both are shell and window-message interactions of a GUI application with the taskbar; they fire for any interactive browser session.
Suspicious use of WriteProcessMemory (64 IoCs)

- PID 2972 (chrome.exe) wrote to memory of PID 3692 (procid_target 62): 2 entries
- PID 2972 (chrome.exe) wrote to memory of PID 3160 (procid_target 89): 2 entries
- PID 2972 (chrome.exe) wrote to memory of PID 4616 (procid_target 85) and PID 2364 (procid_target 86): the remaining 60 entries

Every target is a Chrome child process listed in the Processes section (3692 crashpad handler, 4616 GPU process, 2364 storage service, 3160 network service). The browser process writing into children it has just spawned is how Chrome's sandbox broker initialises its targets; no process outside the Chrome tree is written to.
Processes

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2972, browser process)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.diamondglass.in/
  Signatures: Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  This root command line is the sandbox opening the submitted URL: the update-suppression and background-networking flags are launch options the analysis environment sets, not behaviour of the sample.
  - chrome.exe (PID 3692, crashpad-handler)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5bbd9758,0x7fff5bbd9768,0x7fff5bbd9778
  - chrome.exe (PID 4616, gpu-process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1904,i,5714927631119023659,11969814759013183118,131072 /prefetch:2
  - chrome.exe (PID 2364, utility: storage.mojom.StorageService, service sandbox: utility)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1904,i,5714927631119023659,11969814759013183118,131072 /prefetch:8
  - chrome.exe (PID 3676, renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1904,i,5714927631119023659,11969814759013183118,131072 /prefetch:1
  - chrome.exe (PID 2568, renderer, first renderer process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1904,i,5714927631119023659,11969814759013183118,131072 /prefetch:1
  - chrome.exe (PID 3160, utility: network.mojom.NetworkService, service sandbox: none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1904,i,5714927631119023659,11969814759013183118,131072 /prefetch:8
  - chrome.exe (PID 2068, utility: chrome.mojom.ProcessorMetrics, service sandbox: none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1904,i,5714927631119023659,11969814759013183118,131072 /prefetch:8
  - chrome.exe (PID 4288, utility: chrome.mojom.UtilWin, service sandbox: none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1904,i,5714927631119023659,11969814759013183118,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4500, top-level)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

Three utility processes (network service, ProcessorMetrics, UtilWin) are launched with --service-sandbox-type=none, so in this Chrome build the network stack runs outside the service sandbox; that is the boundary to keep in mind when judging what a site-triggered bug in network code could reach. The /prefetch values (1 renderer, 2 GPU, 7 crashpad, 8 utility) are Chrome's fixed per-role prefetch profiles, not sample-controlled.
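The signature lists above name only raw PIDs, which mean little until they are resolved against the process tree. The following Python script is an added example, not part of the tria.ge report or of Chrome: it parses Chrome command lines for their role and sandbox setting, counts the parent/target pairs in the flattened WriteProcessMemory IoC text, and joins the two so each target is labelled with what it is. The command lines are constructed from this page's Processes section and trimmed to the flags the script inspects; the WriteProcessMemory text is a constructed excerpt of the page's 64-entry list; treating the three update/networking flags on the root process as harness flags is an assumption, not something the report states.

```python
"""Correlate a sandbox WriteProcessMemory signature with the Chrome process tree.

Added example (not the tria.ge report's code, not Chrome's). Resolves the PIDs
named in the signature to the child-process roles visible in the Processes
section, and flags children whose service sandbox is explicitly disabled.
"""
import re
from collections import Counter

# Command lines constructed from the report's Processes section, trimmed to the
# flags this script looks at (the originals also carry mojo/field-trial handles).
PROCESS_TREE = {
    2972: ('"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" '
           '--disable-background-networking --disable-component-update '
           "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' "
           '--single-argument https://www.diamondglass.in/'),
    3692: 'chrome.exe --type=crashpad-handler --url=https://clients2.google.com/cr/report',
    4616: 'chrome.exe --type=gpu-process --mojo-platform-channel-handle=1712',
    2364: ('chrome.exe --type=utility --utility-sub-type=storage.mojom.StorageService '
           '--service-sandbox-type=utility'),
    3676: 'chrome.exe --type=renderer --renderer-client-id=5',
    2568: 'chrome.exe --type=renderer --first-renderer-process --renderer-client-id=6',
    3160: ('chrome.exe --type=utility --utility-sub-type=network.mojom.NetworkService '
           '--service-sandbox-type=none'),
    2068: ('chrome.exe --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics '
           '--service-sandbox-type=none'),
    4288: ('chrome.exe --type=utility --utility-sub-type=chrome.mojom.UtilWin '
           '--service-sandbox-type=none'),
}

# Constructed excerpt of the report's "Suspicious use of WriteProcessMemory" IoCs,
# in the run-on form the page renders (the full list has 64 entries).
WPM_SIGNATURE = (
    "PID 2972 wrote to memory of 3692 2972 chrome.exe 62 "
    "PID 2972 wrote to memory of 3692 2972 chrome.exe 62 "
    "PID 2972 wrote to memory of 4616 2972 chrome.exe 85 "
    "PID 2972 wrote to memory of 4616 2972 chrome.exe 85 "
    "PID 2972 wrote to memory of 4616 2972 chrome.exe 85 "
    "PID 2972 wrote to memory of 3160 2972 chrome.exe 89 "
    "PID 2972 wrote to memory of 2364 2972 chrome.exe 86 "
    "PID 2972 wrote to memory of 2364 2972 chrome.exe 86"
)

# Assumption: these flags on the root process come from the analysis harness
# (they keep the browser from updating or phoning home), not from the sample.
HARNESS_FLAGS = ("--simulate-outdated-no-au", "--disable-background-networking",
                 "--disable-component-update")

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")
FLAG_RE = re.compile(r"--([A-Za-z0-9-]+)(?:=(\S+))?")


def parse_cmdline(cmd):
    """Chrome process role and service-sandbox setting from a command line."""
    flags = dict(FLAG_RE.findall(cmd))
    return {
        "type": flags.get("type", "browser"),  # no --type means the browser process
        "sub_type": flags.get("utility-sub-type"),
        "sandbox": flags.get("service-sandbox-type"),
    }


def parse_wpm(signature_text):
    """Count (writer, target) PID pairs in the flattened IoC text."""
    return Counter((int(src), int(dst))
                   for src, dst, _image, _procid in WPM_RE.findall(signature_text))


def correlate(signature_text, tree):
    """Label every WriteProcessMemory target with its role in the process tree."""
    rows = []
    for (src, dst), n in sorted(parse_wpm(signature_text).items()):
        role = (parse_cmdline(tree[dst]) if dst in tree
                else {"type": "not in tree", "sub_type": None, "sandbox": None})
        rows.append({"writer": src, "target": dst, "count": n,
                     "role": role["sub_type"] or role["type"],
                     "sandbox": role["sandbox"]})
    return rows


def unsandboxed_services(tree):
    """PIDs whose command line explicitly disables the service sandbox."""
    return {pid for pid, cmd in tree.items() if parse_cmdline(cmd)["sandbox"] == "none"}


def harness_launched(cmd):
    """True when a command line carries all of the assumed harness flags."""
    return all(flag in cmd for flag in HARNESS_FLAGS)


if __name__ == "__main__":
    print("root launched by harness:", harness_launched(PROCESS_TREE[2972]))
    for row in correlate(WPM_SIGNATURE, PROCESS_TREE):
        print(f"{row['writer']} -> {row['target']:>5} x{row['count']:<2} "
              f"{row['role']} (service sandbox={row['sandbox']})")
    print("service sandbox disabled:", sorted(unsandboxed_services(PROCESS_TREE)))
```

A target that resolves to "not in tree" would be the interesting case: a write from the browser process into something other than its own freshly spawned children. In this report every target resolves to a Chrome child.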
Network
MITRE ATT&CK Matrix
Downloads

- Filesize: 901B
  MD5: b6b537669e2fe69b6c0a6483168323fc
  SHA1: faa0acb0a814b7abe1f0539ca7a63a2991012e3e
  SHA256: 54b81284b04ecc0b6866a7bfe4f3c97da3207a91aba7992e470ff6586575de06
  SHA512: cbe1e9e71b9ab0638ec37812cfbc6301f0a15b40d82e92d754aa141dc78724fd4dd55b0bb38fb16bad92e7e0534e85b7a813f3220c98b82b0993c658433c9628
- Filesize: 6KB
  MD5: 65b79a588179ae0c5f779853add519b6
  SHA1: c639921f1c903b34fe26abcdc3b51e01781b6e2d
  SHA256: 0fe129febd1c8042b59523c2ff024ea170c47f1cc7fc54429ecd3114c9042e76
  SHA512: 62fe7ebc88166a936128976643d4a088eb1372d5955f1715b0eb264e7cf5e30d8511419b120ee3bba6f9c338c65aef3b4f37ad383690e36fbd039450c69ae9c1
- Filesize: 87KB
  MD5: 3a1d7a980569473a5489952a50ad5a41
  SHA1: c28cac17d5c4dbda1f971a495a7498d647ffe7df
  SHA256: 0b2fcc476e0e499fa8a26ffde8d394a4ba76aaede66e88930e2356444ba4c052
  SHA512: 5d9650547a7913a31d10001ec2671eb4a55ab552c5bce18e2bfb2bbfd26637b7ea962820ae104fb11de9efa74bc0deedf01185b61463aa20afe669f7d9bf0911
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
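The report lists dropped files by size and digest only. For very small artifacts the digests alone can settle what the file is, because there are few plausible contents to try. The following Python script is an added example (not tria.ge's code): it hashes a handful of constructed candidate byte strings and accepts a match only when all four digests agree with the report's values, after first rejecting any digest that is not the right length or not hexadecimal (a common copy-paste defect). The candidate set is constructed for this example; the digests are the ones listed above.

```python
"""Identify a sandbox 'Downloads' artifact from the digests a report gives.

Added example, not part of the tria.ge report. Hashes a few candidate byte
strings and reports which listed artifact, if any, they reproduce exactly.
"""
import hashlib

DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Digests copied from the report's Downloads section, in page order.
REPORTED_ARTIFACTS = [
    {"size": "901B",
     "md5": "b6b537669e2fe69b6c0a6483168323fc",
     "sha1": "faa0acb0a814b7abe1f0539ca7a63a2991012e3e",
     "sha256": "54b81284b04ecc0b6866a7bfe4f3c97da3207a91aba7992e470ff6586575de06",
     "sha512": "cbe1e9e71b9ab0638ec37812cfbc6301f0a15b40d82e92d754aa141dc78724fd4dd55b0bb38fb16bad92e7e0534e85b7a813f3220c98b82b0993c658433c9628"},
    {"size": "6KB",
     "md5": "65b79a588179ae0c5f779853add519b6",
     "sha1": "c639921f1c903b34fe26abcdc3b51e01781b6e2d",
     "sha256": "0fe129febd1c8042b59523c2ff024ea170c47f1cc7fc54429ecd3114c9042e76",
     "sha512": "62fe7ebc88166a936128976643d4a088eb1372d5955f1715b0eb264e7cf5e30d8511419b120ee3bba6f9c338c65aef3b4f37ad383690e36fbd039450c69ae9c1"},
    {"size": "87KB",
     "md5": "3a1d7a980569473a5489952a50ad5a41",
     "sha1": "c28cac17d5c4dbda1f971a495a7498d647ffe7df",
     "sha256": "0b2fcc476e0e499fa8a26ffde8d394a4ba76aaede66e88930e2356444ba4c052",
     "sha512": "5d9650547a7913a31d10001ec2671eb4a55ab552c5bce18e2bfb2bbfd26637b7ea962820ae104fb11de9efa74bc0deedf01185b61463aa20afe669f7d9bf0911"},
    {"size": "2B",
     "md5": "99914b932bd37a50b983c5e7c90ae93b",
     "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
     "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
     "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd"},
]

# Constructed candidates: contents an analyst would try for a tiny artifact.
CANDIDATES = {
    "empty JSON object": b"{}",
    "empty JSON array": b"[]",
    "empty file": b"",
    "single newline": b"\n",
}


def digests(data):
    """All four digests of a byte string, keyed like the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGEST_LEN}


def well_formed(artifact):
    """Reject truncated or non-hex digests before comparing anything."""
    return all(
        len(artifact[name]) == length and all(c in "0123456789abcdef" for c in artifact[name].lower())
        for name, length in DIGEST_LEN.items()
    )


def match_artifacts(reported, candidates):
    """Map the index of each reported artifact to the candidate that reproduces every digest."""
    hits = {}
    for i, artifact in enumerate(reported):
        if not well_formed(artifact):
            raise ValueError(f"artifact {i} ({artifact['size']}): malformed digest")
        for label, data in candidates.items():
            computed = digests(data)
            # All four must agree; a single-digest match is not accepted.
            if all(computed[name] == artifact[name].lower() for name in DIGEST_LEN):
                hits[i] = label
    return hits


if __name__ == "__main__":
    hits = match_artifacts(REPORTED_ARTIFACTS, CANDIDATES)
    for i, artifact in enumerate(REPORTED_ARTIFACTS):
        print(f"{artifact['size']:>5}  {artifact['sha256']}  -> {hits.get(i, 'unidentified')}")
```

Run as written, the 2-byte artifact resolves to the literal bytes `{}` (an empty JSON object) and the three larger files stay unidentified, which is the honest result: their digests tell you only that they are the same files on every run, not what they contain.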