Analysis

max time kernel:  149s
max time network: 144s
platform:         windows10-2004_x64
resource:         win10v2004-20230703-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted:        30/08/2023, 10:31

Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1
Sample:           https://camilavargass07.wixsite.com/portafolio
Resource:         win10v2004-20230703-en

General

Target: https://camilavargass07.wixsite.com/portafolio
Malware Config

Signatures

Every signature below fires on the chrome.exe process tree the sandbox started to open the URL (PID 752 and its children); no other image is involved.

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                       process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                       chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133378651278634797"  chrome.exe
  S-1-5-19 is the hive of NT AUTHORITY\LOCAL SERVICE. The value is a Windows FILETIME and decodes to 2023-08-30 10:32:07 UTC, i.e. the time of this run, one minute after submission.

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   process
  752   chrome.exe  (2 entries)
  1740  chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   process
  752   chrome.exe  (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                        pid   process
  Token: SeShutdownPrivilege         752   chrome.exe  (32 entries)
  Token: SeCreatePagefilePrivilege   752   chrome.exe  (32 entries)
  The report alternates the two tokens for the same process; the listing stops at 64 entries.

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   process
  752   chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  752   chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target
  PID 752 wrote to memory of 2528   752   chrome.exe  81   (2 entries)
  PID 752 wrote to memory of 2112   752   chrome.exe  84
  PID 752 wrote to memory of 1368   752   chrome.exe  85   (2 entries)
  PID 752 wrote to memory of 3452   752   chrome.exe  86
  Writes to 2112 and 3452 make up the remaining 60 of the 64 listed entries. All four targets are children of PID 752 (crashpad handler, GPU process, network service, storage service); the listing is cut off at 64 entries, so the later children visible in the process tree (4304, 1984, 4684, 2904, 1740) do not appear here.
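The TraceTimeLast value above is the one concrete artefact in this report, so it is worth decoding rather than taking the signature at face value. The following is an added example (not part of the tria.ge report): it parses the flattened IoC row as the page renders it, resolves the well-known SID that owns the hive, and converts the FILETIME to UTC. The row text and the SID table are constructed here; the only data taken from the report is the registry path and value.

```python
"""Decode the TraceTimeLast write from the 'Modifies data under HKEY_USERS' signature.

Added example, not part of the tria.ge report. It assumes the IoC row is
available as plain text in the flattened form the report uses.
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed copy of the "Set value" IoC row, transcribed from the report.
IOC_ROW = (
    'Set value (int) \\REGISTRY\\USER\\S-1-5-19\\SOFTWARE\\Microsoft\\Cryptography'
    '\\TPM\\Telemetry\\TraceTimeLast = "133378651278634797" chrome.exe'
)

# Well-known service SIDs that own hives under HKEY_USERS besides logged-on users.
WELL_KNOWN_SIDS = {
    "S-1-5-18": "NT AUTHORITY\\SYSTEM",
    "S-1-5-19": "NT AUTHORITY\\LOCAL SERVICE",
    "S-1-5-20": "NT AUTHORITY\\NETWORK SERVICE",
}

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNIX_EPOCH_AS_FILETIME = 116444736000000000  # 1970-01-01 00:00:00 UTC in 100 ns ticks


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC; timedelta wants microseconds."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def parse_trace_time(row: str):
    """Return (sid, hive owner, raw value) from a flattened 'Set value' IoC row."""
    m = re.search(r'\\REGISTRY\\USER\\(S-1-5-\d+)\\.*?TraceTimeLast = "(\d+)"', row)
    if not m:
        raise ValueError("row does not contain a TraceTimeLast write")
    sid, value = m.group(1), int(m.group(2))
    return sid, WELL_KNOWN_SIDS.get(sid, "unknown / interactive user"), value


def describe(row: str) -> dict:
    """Everything an analyst wants from the row in one place."""
    sid, owner, value = parse_trace_time(row)
    when = filetime_to_datetime(value)
    return {
        "sid": sid,
        "owner": owner,
        "filetime": value,
        "utc": when.strftime("%Y-%m-%d %H:%M:%S"),
        # A FILETIME before 1970 or centuries ahead is not a wall clock; flag it.
        "plausible_clock": UNIX_EPOCH_AS_FILETIME < value < 2 * UNIX_EPOCH_AS_FILETIME,
    }


if __name__ == "__main__":
    print(describe(IOC_ROW))
```

Compare the decoded timestamp with the "submitted" field at the top of the report: a value that matches the run time is telemetry bookkeeping, whereas a hard-coded or far-future value in the same key would be the thing to look at.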
Processes

The first three flags on the root process (--disable-background-networking, --disable-component-update, --simulate-outdated-no-au) are the sandbox's own launch options that keep Chrome from updating or phoning home during the run; the URL is passed with --single-argument. Child processes are shown indented under the process that created them.

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 752)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://camilavargass07.wixsite.com/portafolio
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2528, crashpad-handler)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9a1e9758,0x7ffe9a1e9768,0x7ffe9a1e9778

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2112, gpu-process)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1844,i,13558474708593110297,3640866879430355599,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1368, utility: network.mojom.NetworkService)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1844,i,13558474708593110297,3640866879430355599,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3452, utility: storage.mojom.StorageService)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1844,i,13558474708593110297,3640866879430355599,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4304, renderer)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1844,i,13558474708593110297,3640866879430355599,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1984, renderer)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1844,i,13558474708593110297,3640866879430355599,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4684, utility: chrome.mojom.ProcessorMetrics)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1844,i,13558474708593110297,3640866879430355599,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2904, utility: chrome.mojom.UtilWin)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1844,i,13558474708593110297,3640866879430355599,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1740, gpu-process, relaunched with --disable-gpu-sandbox)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4728 --field-trial-handle=1844,i,13558474708593110297,3640866879430355599,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 4088)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
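The useful question for the WriteProcessMemory signature is not "did it fire" but "did the writer only touch processes it had just created". The following added example (not part of the tria.ge report) rebuilds the tree from a depth-prefixed transcription of the Processes section, parses the WriteProcessMemory rows in the same flattened form the report uses, and classifies each write. PROCESS_TREE and WPM_ROWS are constructed here from the report's data (repeated rows collapsed, command lines shortened); the depth-number format is this example's own, not a sandbox export.

```python
"""Rebuild the process tree and check who wrote into whose memory.

Added example, not part of the tria.ge report. PROCESS_TREE and WPM_ROWS are
constructed transcriptions of the Processes section and the WriteProcessMemory
signature (leading number = depth in the tree); this is not the sandbox's export format.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PROCESS_TREE = """\
1 752 chrome.exe --single-argument https://camilavargass07.wixsite.com/portafolio
2 2528 chrome.exe --type=crashpad-handler
2 2112 chrome.exe --type=gpu-process
2 1368 chrome.exe --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none
2 3452 chrome.exe --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility
2 4304 chrome.exe --type=renderer --first-renderer-process
2 1984 chrome.exe --type=renderer
2 4684 chrome.exe --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none
2 2904 chrome.exe --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none
2 1740 chrome.exe --type=gpu-process --disable-gpu-sandbox
1 4088 elevation_service.exe
"""

WPM_ROWS = """\
PID 752 wrote to memory of 2528 752 chrome.exe 81
PID 752 wrote to memory of 2528 752 chrome.exe 81
PID 752 wrote to memory of 2112 752 chrome.exe 84
PID 752 wrote to memory of 1368 752 chrome.exe 85
PID 752 wrote to memory of 1368 752 chrome.exe 85
PID 752 wrote to memory of 3452 752 chrome.exe 86
"""


@dataclass
class Proc:
    pid: int
    parent: Optional[int]
    image: str
    args: str


def build_tree(text: str) -> Dict[int, Proc]:
    """Turn depth-prefixed lines into pid -> Proc with parent links."""
    procs: Dict[int, Proc] = {}
    stack: List[int] = []            # pid at each depth; index 0 is depth 1
    for line in text.splitlines():
        depth, pid, image, *rest = line.split(maxsplit=3)
        depth, pid = int(depth), int(pid)
        del stack[depth - 1:]        # drop entries at this depth or deeper
        parent = stack[-1] if stack else None
        procs[pid] = Proc(pid, parent, image, rest[0] if rest else "")
        stack.append(pid)
    return procs


WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_wpm(text: str) -> List[Tuple[int, int, str]]:
    """(source pid, target pid, source image) per row. finditer also works on the
    single-line flattened form the report page renders."""
    return [(int(m[1]), int(m[2]), m[3]) for m in WPM_RE.finditer(text)]


def classify_writes(procs: Dict[int, Proc], writes) -> Dict[int, str]:
    """A broker writing into a child it just spawned, same image, is the normal
    Chromium start-up pattern; anything else deserves a closer look."""
    verdicts: Dict[int, str] = {}
    for src, dst, image in writes:
        target = procs.get(dst)
        if target is None:
            verdicts[dst] = "review: target not in process list"
        elif target.parent == src and target.image == image == procs[src].image:
            verdicts[dst] = "expected: broker wrote into its own child"
        else:
            verdicts[dst] = "review: write outside parent/child relationship"
    return verdicts


def children_without_writes(procs: Dict[int, Proc], writes, parent: int = 752) -> List[int]:
    """Children the tree shows but the (capped) signature list never mentions."""
    written = {dst for _, dst, _ in writes}
    return sorted(p.pid for p in procs.values() if p.parent == parent and p.pid not in written)


def unsandboxed_services(procs: Dict[int, Proc]) -> List[int]:
    """Utility processes launched with --service-sandbox-type=none."""
    return sorted(p.pid for p in procs.values() if "--service-sandbox-type=none" in p.args)


if __name__ == "__main__":
    procs = build_tree(PROCESS_TREE)
    writes = parse_wpm(WPM_ROWS)
    for pid, verdict in classify_writes(procs, writes).items():
        print(pid, procs[pid].args.split()[0], verdict)
    print("children with no recorded write:", children_without_writes(procs, writes))
    print("utility processes without a service sandbox:", unsandboxed_services(procs))
```

Run against the report's data every write lands in a direct child of PID 752 with the same image, which is what a multi-process browser looks like; a write into a process outside that tree, or from a child into its parent, is the case the verdict strings are there to surface.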
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 960B
  MD5:    07fbcb3fbf22865ee4b048e164620093
  SHA1:   62e8cc2fc4c527146de033fbebb242a35e2c64f4
  SHA256: 58bda7156912703b679fb3a521e189844883d5bd571de48f31cccdc0f3d7dc31
  SHA512: e3c91dd5a64ef844abc30e463759de4767ff7eea286abd7e6b10a74881bff5ccfd7bc8448b9da96050b756a7fa5e2c3356d06935d42c0e45561c48e4c92bc2b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7be58938-ba30-4e12-8cb9-79cd9b88ff43.tmp
Filesize: 371B
  MD5:    175441394fceeb45d8c9ad7aa65de7c4
  SHA1:   117de4e764865291e54a22738880e2da14a82e35
  SHA256: 7db0fa3cabb4876123ee1ce18c030f25949fdd9ab3a36897badb2ae32169fa88
  SHA512: 864620f91578ecdaeaa3e691a38051ba4b00f13ab8838787010890e1ed2dd1040fd37728122652c86e3b8d4471cd48052575135ad8adc2ca88b7717c5b6fda3e

Filesize: 2KB
  MD5:    8fe396ee109f21d6907e32de333b64b9
  SHA1:   1e7443f5adabcffeb467f106a6248c1c5cfa4086
  SHA256: ca37044b791c914ee66b55cbf6be32e7b41f11165e9a866fddca2afa3512bac2
  SHA512: 3a92b18fa4aee85f86d8014c6514f91ba74ed0881c9390d1bf2659cbeffadb2e20ba3258da1313ac18d6228888715c79e5f0fc94db88d18b95a887594dd716d4

Filesize: 6KB
  MD5:    a79b0424b728499c703df04bb39296ce
  SHA1:   a414bfcdea6c452222bcaca8f542ab2aa06a1a9a
  SHA256: d565471b6afb1f6d5313d40760ee71e9b7968085e4a921657d560c6b31bd3975
  SHA512: 01ec68e5bf97a4ed95a0569088911b8a5065807d6155cae58a8e79df1fcd4c1753f17d581aabb01a07107e790dfd87a3c1262c29c759d7ae571148f1f9803d02

Filesize: 6KB
  MD5:    337580f126d8cfd5673780a4f35501a5
  SHA1:   a236625f9261b84ee7632a98245ef73108030e98
  SHA256: b783c30c93b18a41fe48e195dfaa068cb7239a7f78e94ff93a1db47b111cb22b
  SHA512: 20c8548856b13901532d28e277f29f8d0baa77104841860de42801ea00e02462e2ccd876507bf17a9b59ef702fab14488314c451bd1ed1831a580f441c2e43f6

Filesize: 6KB
  MD5:    814fb04d9199e720318dc7a8357e0cf3
  SHA1:   76c0a048773823425992175e63b8466a12d8063b
  SHA256: d744f754c39fdab24c9f8e56ac8b4ca9e918f2ada96d664f0f295dd50f27cc13
  SHA512: 1171b11528e1b334018665296562f703ead87e79acb67046b9cf6104b5f2cdfb8a3f0a0dae4f6f28284ea52c9aa41e2dbe9ee2ce1dff6052962b2036be1c6460

Filesize: 87KB
  MD5:    e1750c89293a0edc33f3d5f5791bb889
  SHA1:   15046b99f7102d10a51129552dd9a475d1cb000d
  SHA256: a45cb99efaff2a2efa9ee0202aa7597bfbc34f7ea66f82634b4728e1649e0835
  SHA512: 8b9100ff8aaac810eac74056d212f2e67061654b42d9aa5502d14dc233a654fdd7a5784df116262ec6e50f740167853bb81856b5702b99f7bd7f77859e7e37d7

Filesize: 2B
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
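A two-byte file with four published digests can be identified without the sample: hash a handful of plausible tiny contents and see which one reproduces the report's values. The following added example (not part of the tria.ge report) does that for the last Downloads entry; REPORTED is transcribed from the entry above, and CANDIDATES is a constructed list of contents that tiny files in a browser profile commonly hold. The match is the two bytes `{}`, an empty JSON object.

```python
"""Identify the 2-byte download from its published digests.

Added example, not part of the tria.ge report. REPORTED is transcribed from the
last Downloads entry; CANDIDATES is a constructed guess list, not report data.
"""
import hashlib
from typing import Dict, List, Optional

REPORTED: Dict[str, str] = {
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
}

# Constructed: contents that very small files in a Chrome profile tend to have.
CANDIDATES = [b"{}", b"[]", b"\r\n", b"\n", b"0\n", b"1\n", b"OK", b"{ }", b'""', b""]

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> Dict[str, str]:
    """All four digests the report publishes, for one candidate content."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def matching_algorithms(data: bytes, reported: Dict[str, str]) -> List[str]:
    """Which of the reported digests the candidate reproduces. All four should agree;
    a partial match points at a transcription error in one of the published values."""
    d = digests(data)
    return sorted(alg for alg, h in reported.items() if d.get(alg) == h)


def identify(reported: Dict[str, str], size: int, candidates=CANDIDATES) -> Optional[bytes]:
    """First candidate of the stated length whose SHA-256 matches the report, or None."""
    for c in candidates:
        if len(c) == size and digests(c)["sha256"] == reported["sha256"]:
            return c
    return None


if __name__ == "__main__":
    hit = identify(REPORTED, size=2)
    print(hit, matching_algorithms(hit, REPORTED) if hit is not None else "no candidate matched")
```

The same routine is a cheap sanity check for any short dropped file in a report: when the size is a few bytes, a dictionary of common contents usually resolves it, and a candidate that matches SHA-256 but not MD5 or SHA-1 means one of the published hashes was copied wrong, not that the file is different.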