Analysis
max time kernel: 150s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/09/2023, 17:10
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://undercoverdwell.com
Resource: win10v2004-20230915-en
General
Target: http://undercoverdwell.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133397898540525678" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | process
  348 | chrome.exe (2 entries)
  4124 | chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid | process
  348 | chrome.exe (5 identical entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | process
  Token: SeShutdownPrivilege | 348 | chrome.exe
  Token: SeCreatePagefilePrivilege | 348 | chrome.exe
  (the two rows above alternate throughout the record; 64 entries in total, all from PID 348)
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | process
  348 | chrome.exe (26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid | process
  348 | chrome.exe (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | process | procid_target
  PID 348 wrote to memory of 2596 | 348 | chrome.exe | 85
  PID 348 wrote to memory of 2240 | 348 | chrome.exe | 88
  PID 348 wrote to memory of 4844 | 348 | chrome.exe | 89
  PID 348 wrote to memory of 3008 | 348 | chrome.exe | 90
  (64 entries in total; the rows for 2596 and 4844 each appear twice, the rows for 2240 and 3008 are repeated many times)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 348)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://undercoverdwell.com
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2596)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff70d79758,0x7fff70d79768,0x7fff70d79778

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2240)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1868,i,9472525962997852058,9878864337516851,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4844)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1868,i,9472525962997852058,9878864337516851,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3008)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1868,i,9472525962997852058,9878864337516851,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3220)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1868,i,9472525962997852058,9878864337516851,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1956)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1868,i,9472525962997852058,9878864337516851,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2788)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4584 --field-trial-handle=1868,i,9472525962997852058,9878864337516851,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3352)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1868,i,9472525962997852058,9878864337516851,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2876)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1868,i,9472525962997852058,9878864337516851,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4124)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3372 --field-trial-handle=1868,i,9472525962997852058,9878864337516851,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4856)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3120 --field-trial-handle=1868,i,9472525962997852058,9878864337516851,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1956)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1580 --field-trial-handle=1868,i,9472525962997852058,9878864337516851,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4440)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads