Analysis
max time kernel: 167s
max time network: 188s
platform: windows10-1703_x64
resource: win10-20230915-en
resource tags: arch:x64, arch:x86, image:win10-20230915-en, locale:en-us, os:windows10-1703-x64, system
submitted: 12/10/2023, 03:03
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample
https://r20.rs6.net/tn.jsp?f=0014XdfaNirNGAbvXh1SHwrNRLqBHOnzknLVzmObySM1nfTEDMQhgNLeSCb4GOhM4DLkz1NWjrNIktWv0V52TeKxeIBfC5NPgqTURE_5VwNgRiaG4yp9e46_Jzbgk6tnw2kq5CQtKllP6jYRHyY_r7ImA==&c=Jcb-O7q1F7VI0JtxzHsYJcw2ezFfOi2zp6K5oxAUTWKKEDbdgwHoVA==&ch=8IJz71fwiES5zne0Lc61NhjkGNOO_zs0gAgodSsE_rRUvfs0yvQrgw==&__=/a2JyQG9wdHVzLmNvbS5hdQ==/vl5v2ymv1x
Resource
win10-20230915-en
General
Target
https://r20.rs6.net/tn.jsp?f=0014XdfaNirNGAbvXh1SHwrNRLqBHOnzknLVzmObySM1nfTEDMQhgNLeSCb4GOhM4DLkz1NWjrNIktWv0V52TeKxeIBfC5NPgqTURE_5VwNgRiaG4yp9e46_Jzbgk6tnw2kq5CQtKllP6jYRHyY_r7ImA==&c=Jcb-O7q1F7VI0JtxzHsYJcw2ezFfOi2zp6K5oxAUTWKKEDbdgwHoVA==&ch=8IJz71fwiES5zne0Lc61NhjkGNOO_zs0gAgodSsE_rRUvfs0yvQrgw==&__=/a2JyQG9wdHVzLmNvbS5hdQ==/vl5v2ymv1x
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                    Process
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description       ioc                                                                                                        Process
Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      chrome.exe
Set value (int)   \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133415534709971509"   chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid    Process
4348   chrome.exe
4348   chrome.exe
604    chrome.exe
604    chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid    Process
4348   chrome.exe
4348   chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                        pid    Process
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Token: SeShutdownPrivilege         4348   chrome.exe
Token: SeCreatePagefilePrivilege   4348   chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
pid    Process
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
4348   chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid    Process      procid_target
PID 4348 wrote to memory of 3160   4348   chrome.exe   21
PID 4348 wrote to memory of 3160   4348   chrome.exe   21
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 2232   4348   chrome.exe   74
PID 4348 wrote to memory of 1092   4348   chrome.exe   72
PID 4348 wrote to memory of 1092   4348   chrome.exe   72
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
PID 4348 wrote to memory of 632    4348   chrome.exe   73
Processes (process tree; child processes are indented under their parent)

C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 4348
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://r20.rs6.net/tn.jsp?f=0014XdfaNirNGAbvXh1SHwrNRLqBHOnzknLVzmObySM1nfTEDMQhgNLeSCb4GOhM4DLkz1NWjrNIktWv0V52TeKxeIBfC5NPgqTURE_5VwNgRiaG4yp9e46_Jzbgk6tnw2kq5CQtKllP6jYRHyY_r7ImA==&c=Jcb-O7q1F7VI0JtxzHsYJcw2ezFfOi2zp6K5oxAUTWKKEDbdgwHoVA==&ch=8IJz71fwiES5zne0Lc61NhjkGNOO_zs0gAgodSsE_rRUvfs0yvQrgw==&__=/a2JyQG9wdHVzLmNvbS5hdQ==/vl5v2ymv1x
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 3160
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffabb659758,0x7ffabb659768,0x7ffabb659778

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 1092
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1772,i,14496516458422222092,14823843027324186699,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 632
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1772,i,14496516458422222092,14823843027324186699,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 2232
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1772,i,14496516458422222092,14823843027324186699,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 3976
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1772,i,14496516458422222092,14823843027324186699,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 1932
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1772,i,14496516458422222092,14823843027324186699,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 3664
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1772,i,14496516458422222092,14823843027324186699,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 4432
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1772,i,14496516458422222092,14823843027324186699,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 604
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1772,i,14496516458422222092,14823843027324186699,131072 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  PID: 3880
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads