Analysis
Max time kernel: 150s
Max time network: 148s
Platform: windows10-2004_x64
Resource: win10v2004-20230703-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 31/08/2023, 15:12
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://lc.cx/FhbcBW
  Resource: win10v2004-20230703-en
General
Target: https://lc.cx/FhbcBW
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                        process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133379683822358296"  chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   process
  384   chrome.exe
  384   chrome.exe
  3648  chrome.exe
  3648  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid  process
  384  chrome.exe
  384  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid  process
  Token: SeShutdownPrivilege        384  chrome.exe
  Token: SeCreatePagefilePrivilege  384  chrome.exe
  (these two rows alternate for all 64 entries; every entry is pid 384, chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid  process
  384  chrome.exe
  (all 26 entries are pid 384, chrome.exe)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid  process
  384  chrome.exe
  (all 24 entries are pid 384, chrome.exe)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid  process     procid_target
  PID 384 wrote to memory of 1788  384  chrome.exe  83
  PID 384 wrote to memory of 4872  384  chrome.exe  86
  PID 384 wrote to memory of 1628  384  chrome.exe  85
  PID 384 wrote to memory of 1132  384  chrome.exe  87
  (the 64 entries repeat these four rows; the writer is pid 384, chrome.exe, in every entry)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://lc.cx/FhbcBW
  PID: 384
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0b2b9758,0x7fff0b2b9768,0x7fff0b2b9778
    PID: 1788
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1856,i,2380323742793112279,8272413287560575769,131072 /prefetch:8
    PID: 1628
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1856,i,2380323742793112279,8272413287560575769,131072 /prefetch:2
    PID: 4872
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1856,i,2380323742793112279,8272413287560575769,131072 /prefetch:8
    PID: 1132
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1856,i,2380323742793112279,8272413287560575769,131072 /prefetch:1
    PID: 1484
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1856,i,2380323742793112279,8272413287560575769,131072 /prefetch:1
    PID: 2076
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1856,i,2380323742793112279,8272413287560575769,131072 /prefetch:8
    PID: 3940
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1856,i,2380323742793112279,8272413287560575769,131072 /prefetch:8
    PID: 2064
  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3732 --field-trial-handle=1856,i,2380323742793112279,8272413287560575769,131072 /prefetch:2
    PID: 3648
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 696
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 144B
  MD5     532a99e84585e09edd978610773c8ad8
  SHA1    09a04f3bbf260064011a78e778d06acf35b4307e
  SHA256  323565194b0542c113f7f248b3b6b00b2ed8991734cad7339d966ce503f43d39
  SHA512  cdf98f35675b5567109e94c49099d326eba302ee2b3a237b2ed61bd2a933ee9ac254c7167136c5f13d3f6e4bc73329a3bc8eb01c5bb073ab13cb28dead2b2ffe
Filesize: 96B
  MD5     ab12a8bd18400ed8898bebc313d4b74b
  SHA1    afc724b3fdcd0a9668619886b8904231c1d38745
  SHA256  66f865e39c953551c62749b2364c8a1328042f10332063302f45d9f1f29da919
  SHA512  1c54b28355f36b75972d8e5e7b39de02a866da6e43e70120e4c481a863db414ecc510b9d2e65963b699b0532c6a0506c4aa361cff1866f3d713da262cbda1151
Filesize: 1KB
  MD5     b59e4d98c1b48baa4eafd920b515c4f7
  SHA1    83ded1143be9a6aea1638b961aad07e329bc15b8
  SHA256  2e0ae676005df7cdbbcd24e84b783f9ce6934c78a3196c87d796766cfdb8c7a7
  SHA512  d777639360ed8e058c348449e724d72f68a12b32849433c75070fe9a3a7b0551486a73f015e47dc720d8bb8c91325ae3fa06d88d00cbf941bd036a285918928d
Filesize: 539B
  MD5     b8a63c4b76e6dee8f56e717876c7f0cd
  SHA1    05495734b03954a5e6f53b5744066e32bb0c1163
  SHA256  ce184906ab0d32f6084e11d28cc64905df014123218727eefb27206c0fba1d01
  SHA512  3fd5f49ca449e51eb38b865026dd89a808b1dd4ba42f6dff0b01437f55223c542760fe51ff4fb80acdef31a3b43fcad3020b8db9f27f64193fd80a5aa45f4a16
Filesize: 6KB
  MD5     e5fcec6f70c947177822efa87918217a
  SHA1    155bb4bbfce98ec6a25083da3cdc6186ff63e8c1
  SHA256  87cc95486ba02880563a7082513b57f388724572432105a3521989d30aff0349
  SHA512  09194d9901a1388bc56405ab8c93bd11fe49705f59a12dbcaa90dd3f9a236affd703a01a1bf55f52d69fcf9b83c272570257ba5019c36be64843678fb3d8a6e9
Filesize: 87KB
  MD5     2a831818927f5cf2e033b9e4b219a4f6
  SHA1    b4b50f956c85e151c18ce60a1f521b22142de968
  SHA256  5f73a0bd5368af406dc76febbcf99fa23528205d0db055938ba7057e9009a965
  SHA512  bf24662ef5e369433e95446f04bc15a328e66dd2f93272babbf3f1d2737d1f565dcad720034e054c97a8438c108bdce52f9115779093599959c041cdf48a5365
Filesize: 2B
  MD5     99914b932bd37a50b983c5e7c90ae93b
  SHA1    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd