Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20230824-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230824-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/08/2023, 15:04
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
- Sample: https://d8hxy.app.goo.gl/pGDmY4HUxCp5cxL49
- Resource: win10v2004-20230824-en
General
- Target: https://d8hxy.app.goo.gl/pGDmY4HUxCp5cxL49
Malware Config
Signatures
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133374494808588670" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | Process
  2112 | chrome.exe
  2112 | chrome.exe
  1416 | chrome.exe
  1416 | chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid | Process
  2112 | chrome.exe
  2112 | chrome.exe
  2112 | chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Suspicious use of FindShellTrayWindow (26 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://d8hxy.app.goo.gl/pGDmY4HUxCp5cxL49
  PID: 2112
  Signatures:
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc13699758,0x7ffc13699768,0x7ffc13699778
    PID: 3512
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1868,i,1876080751396772776,5850595737359800138,131072 /prefetch:2
    PID: 3688
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1868,i,1876080751396772776,5850595737359800138,131072 /prefetch:8
    PID: 2328
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1868,i,1876080751396772776,5850595737359800138,131072 /prefetch:8
    PID: 2912
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1868,i,1876080751396772776,5850595737359800138,131072 /prefetch:1
    PID: 4888
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1868,i,1876080751396772776,5850595737359800138,131072 /prefetch:1
    PID: 4412
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3832 --field-trial-handle=1868,i,1876080751396772776,5850595737359800138,131072 /prefetch:1
    PID: 3816
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1868,i,1876080751396772776,5850595737359800138,131072 /prefetch:8
    PID: 3700
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1868,i,1876080751396772776,5850595737359800138,131072 /prefetch:8
    PID: 5056
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2792 --field-trial-handle=1868,i,1876080751396772776,5850595737359800138,131072 /prefetch:2
    PID: 1416
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 2252
Network
MITRE ATT&CK Matrix
Downloads