Analysis

max time kernel: 601s
max time network: 490s
platform: windows10-2004_x64
resource: win10v2004-20230824-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230824-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/08/2023, 20:16

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://qantas-points.com
Resource: win10v2004-20230824-en

General

Target: http://qantas-points.com
Malware Config
Signatures

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133377274239601446" | chrome.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
1556 | chrome.exe
1556 | chrome.exe
4256 | chrome.exe
4256 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
1556 | chrome.exe
1556 | chrome.exe
1556 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 1556 | chrome.exe
Token: SeCreatePagefilePrivilege | 1556 | chrome.exe
(the two rows above alternate for all 64 entries; every entry is pid 1556 chrome.exe)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
1556 | chrome.exe
(all 26 entries are identical to the row above)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
1556 | chrome.exe
(all 24 entries are identical to the row above)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 1556 wrote to memory of 2736 | 1556 | chrome.exe | 85
PID 1556 wrote to memory of 2112 | 1556 | chrome.exe | 88
PID 1556 wrote to memory of 5012 | 1556 | chrome.exe | 89
PID 1556 wrote to memory of 4376 | 1556 | chrome.exe | 90
(64 entries in total; the report lists each row above consecutively, repeated, in this order)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://qantas-points.com
  PID: 1556
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffa80759758,0x7ffa80759768,0x7ffa80759778
      PID: 2736

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1868,i,17701827413360895370,6434367746157147811,131072 /prefetch:2
      PID: 2112

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1868,i,17701827413360895370,6434367746157147811,131072 /prefetch:8
      PID: 5012

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1868,i,17701827413360895370,6434367746157147811,131072 /prefetch:8
      PID: 4376

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1868,i,17701827413360895370,6434367746157147811,131072 /prefetch:1
      PID: 1544

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1868,i,17701827413360895370,6434367746157147811,131072 /prefetch:1
      PID: 5028

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4812 --field-trial-handle=1868,i,17701827413360895370,6434367746157147811,131072 /prefetch:1
      PID: 948

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1868,i,17701827413360895370,6434367746157147811,131072 /prefetch:8
      PID: 3212

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1868,i,17701827413360895370,6434367746157147811,131072 /prefetch:8
      PID: 2812

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4696 --field-trial-handle=1868,i,17701827413360895370,6434367746157147811,131072 /prefetch:2
      PID: 4256
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 4620
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 1KB
MD5: baf91b3ab687dc370bacf09da62c4020
SHA1: 64427e4d0fe260ad58a778338ab6dab18dd4256c
SHA256: 40d99327120cb84780efb3afa1055c737f507479c7315b4f3d7e292ca7bb3a31
SHA512: 44984cd1d379cb1de3b10c1259df74462eaba19dfb918ffb76e8b49c3634a3f2fa47bb367693cfed073d063fdaf36075bf1a2dc6f08d8891f595132a1867da74

Filesize: 539B
MD5: 7b09ff487d3d370201585644f580b92e
SHA1: 8d5f6eaeb76543f6d680ecca8f2d6f3a6d52ffd4
SHA256: a563085055dd3f902c728d494ec96e549ba7980d4b6477a346857aec3a1ea3f9
SHA512: 34ab7760d89b352c99c87309cc703bc447331cd3a56e76641c42e136e070ea2f21e815425c6003dd3c0b8e77bd809709cb5f10349707408a12091b6a169918c6

Filesize: 4KB
MD5: 0ba1be1a21d977d5557e8ae52687523c
SHA1: 20e2fe3afe3bf81940dcc3edbbce72394f24f769
SHA256: 79a1216a79c982a5a5a9785b0b08062323ec511aa5128d9bf480edb71584e24e
SHA512: a01948bfb8eeb3fe136eb28119c76e24de6cf548d9a630b04556d8540a492ff6662a5b3ad55575bd4905ae4fc4e7c830e80c326625cd847bf1ff8f2c6658d18d

Filesize: 4KB
MD5: 1bfaafb19636421fe36f3468676dd493
SHA1: bd5ff9df9f456a0b6a4b4f2fdc5d8b6e5b97416a
SHA256: 1cc3f777180c7e64e32a071b6b250060dc668eee8058263a0e3188d3237c841d
SHA512: 35bb2deae7616bb254788dddacecc32f51ae347f966350e03c2e9667dffd24ffdf607de5824a49329ad383ab6d4ef374ccfa90079e83ae9f829f811740060368

Filesize: 5KB
MD5: 9d343df17ab0db66da91a0084237282b
SHA1: c2d89c2832f8d7c2ae69e72e4757ed383f6ae143
SHA256: ea8465ecd2731b49dd1ccd549356ad91f9ff29b10e26c6c49dad1e4984cde8c7
SHA512: cee063f090b64033bc35272f6e8ab6207eafe3226dacb62325baf1f83edbeabf2375463ffa77d0aedde62f2ba1a454bf1b12646ed3263c452a7d66af31a35ee7

Filesize: 94KB
MD5: af23b934f5ac00ce2c429b38d15c5a4a
SHA1: 4f86d60637f1ad3bbc034a0e8da0be754299b6f3
SHA256: 03ea0c70b86e47e9e5bebda0eeb0c29899f1b25ec0bac6f52255a266cbda3877
SHA512: 6671954ec5e7a0cec0b13bf3d604b1524d4fae29260cfec74724e3f1c31242a135362e3249d189e3c132c9f93d21b327f5e5193513bbf4e0194b704da2e9cd74

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd