Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 301s
max time network: 304s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64 arch:x86 image:win10v2004-20230915-en locale:en-us os:windows10-2004-x64 system
submitted: 10/10/2023, 17:35

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://t.me/cahalgo
Resource: win10v2004-20230915-en

General
Target: https://t.me/cahalgo

Malware Config
Signatures

Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133414329373687959" | chrome.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
4356 | chrome.exe
4356 | chrome.exe
3368 | chrome.exe
3368 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
pid | Process
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe
Token: SeShutdownPrivilege | 4356 | chrome.exe
Token: SeCreatePagefilePrivilege | 4356 | chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe
4356 | chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4356 wrote to memory of 4856 | 4356 | chrome.exe | 81
PID 4356 wrote to memory of 4856 | 4356 | chrome.exe | 81
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 4988 | 4356 | chrome.exe | 88
PID 4356 wrote to memory of 1180 | 4356 | chrome.exe | 89
PID 4356 wrote to memory of 1180 | 4356 | chrome.exe | 89
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
PID 4356 wrote to memory of 2100 | 4356 | chrome.exe | 90
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://t.me/cahalgo
  PID: 4356
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd18e59758,0x7ffd18e59768,0x7ffd18e59778
      PID: 4856

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,2405915771858158957,11655179377382071972,131072 /prefetch:2
      PID: 4988

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1876,i,2405915771858158957,11655179377382071972,131072 /prefetch:8
      PID: 1180

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1876,i,2405915771858158957,11655179377382071972,131072 /prefetch:8
      PID: 2100

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1876,i,2405915771858158957,11655179377382071972,131072 /prefetch:1
      PID: 1492

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1876,i,2405915771858158957,11655179377382071972,131072 /prefetch:1
      PID: 4236

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4856 --field-trial-handle=1876,i,2405915771858158957,11655179377382071972,131072 /prefetch:1
      PID: 548

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3336 --field-trial-handle=1876,i,2405915771858158957,11655179377382071972,131072 /prefetch:1
      PID: 3516

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1876,i,2405915771858158957,11655179377382071972,131072 /prefetch:8
      PID: 4192

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1876,i,2405915771858158957,11655179377382071972,131072 /prefetch:8
      PID: 3404

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3552 --field-trial-handle=1876,i,2405915771858158957,11655179377382071972,131072 /prefetch:1
      PID: 2220

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4640 --field-trial-handle=1876,i,2405915771858158957,11655179377382071972,131072 /prefetch:2
      PID: 3368
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 4932
Network
MITRE ATT&CK Enterprise v15
Downloads