Analysis

max time kernel: 180s
max time network: 181s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/10/2023, 20:32

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://info.alteryx.com/analytics-insight-exchange-with-alteryx.html
Resource: win10v2004-20230915-en

General

Target: https://info.alteryx.com/analytics-insight-exchange-with-alteryx.html

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133415300308416724" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | Process
  3168 | chrome.exe
  3168 | chrome.exe
  652 | chrome.exe
  652 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  3168 | chrome.exe
  3168 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 3168 | chrome.exe
  Token: SeCreatePagefilePrivilege | 3168 | chrome.exe
  (the 64 rows alternate between these two entries, all for pid 3168 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  3168 | chrome.exe
  (row repeated 26 times)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3168 | chrome.exe
  (row repeated 24 times)
Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3168 wrote to memory of 3656 | 3168 | chrome.exe | 23
  PID 3168 wrote to memory of 3656 | 3168 | chrome.exe | 23
  PID 3168 wrote to memory of 1516 | 3168 | chrome.exe | 89
  PID 3168 wrote to memory of 2188 | 3168 | chrome.exe | 91
  PID 3168 wrote to memory of 2188 | 3168 | chrome.exe | 91
  PID 3168 wrote to memory of 960 | 3168 | chrome.exe | 90
  (the remaining 60 rows are repeats of the 1516 / procid_target 89 and 960 / procid_target 90 entries)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3168)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://info.alteryx.com/analytics-insight-exchange-with-alteryx.html
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3656, child of 3168)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b3429758,0x7ff9b3429768,0x7ff9b3429778

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1516, child of 3168)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1880,i,763780622942755967,14596984844551559095,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 960, child of 3168)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1880,i,763780622942755967,14596984844551559095,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2188, child of 3168)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1880,i,763780622942755967,14596984844551559095,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2272, child of 3168)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1880,i,763780622942755967,14596984844551559095,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3164, child of 3168)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1880,i,763780622942755967,14596984844551559095,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3100, child of 3168)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1880,i,763780622942755967,14596984844551559095,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3564, child of 3168)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1880,i,763780622942755967,14596984844551559095,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 652, child of 3168)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4744 --field-trial-handle=1880,i,763780622942755967,14596984844551559095,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2568)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 1KB
MD5: e6747a4d776248ee69f3f1166621294d
SHA1: a5ff8ed3b8484b3aa368cd4bed97f3e47d2d2c06
SHA256: 10e967afa0d20eae2dcdacaf4e1e9452932f0ff4db724d7adf29c77068e8e8f7
SHA512: 68677a814074b32be13f1533c2ea46f7b37ccad4d4547717380db41ef387db1571e760cb1dc36bf3e9f0fd267fab8f9a6f75cdd4765ee1fc1e8cd551e49f3ca3

Filesize: 6KB
MD5: 122b4f2135a2fd70b758c9c935e5ae1f
SHA1: 562fc80f298645d24f8736d24abf2e177b354cb1
SHA256: fa454021e1aef5ccaa43985a782bf6f137b554cb806f0260f66f2e28dba55e81
SHA512: 7379f17ead47742dcd260acc9620b56ba5b40a7d9e26829a8da10a5b7e4e4def1932297a64bd26221a044af459459c21c3e237c4fb075d062bf2a8a46116446b

Filesize: 3KB
MD5: 029d663e1615068ac5b7a8c16508b84d
SHA1: 97477c90f0b1976b950ab0fdd23c3074a828e372
SHA256: a9f9b20e64cb2269eb35991af1984e0db4421cabbbf4e36f8b6ce298a76838a2
SHA512: 861bce3291ee073faeed9e0caf36f1727eda95d3c99ab081b3c606b01672347118d0ff7ba9a79c4cd8440f5ff7fae604538b56d1135a288e5baec170c7f0ca53

Filesize: 6KB
MD5: fc3091b7ad228bde4d0320f22e81787e
SHA1: cc287f872e70869a30349cc8ecd438a498bbf151
SHA256: da3260bf7f6e89680e1545af23929e1a57a02427d9a9152253a892c31ea3093b
SHA512: 4fa754559f0f43417a5140296571d87bb3103a09b83e9e84c56b1e0c0cb1e358dd5a39120e74e37932dcd3abde4e045d87210f1e8b93ee194c6a59c18df90484

Filesize: 101KB
MD5: 0f6c9471e41f496a72c4c985632aea9a
SHA1: 7d86eb04be516122c9db0013476e2a6220e6b804
SHA256: f3e0de481c56dd6f29e52fa244493547e80580c6e1a6daa7e97fb3d9d13c9e6b
SHA512: bb440c0b8bd614c362f6c9a906eda02b3a05a446892035bca94d1390867f61c9f776330d04bffccd7262bdcb2d13c277b866331f486de0c5a353f464fab75312

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd