Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231020-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231020-en locale:en-us os:windows10-2004-x64 system
submitted: 31/10/2023, 05:43
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://claimautoken.top/au
Resource
win10v2004-20231020-en
General
Target: https://claimautoken.top/au
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133432046011250864" | chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
3484 | chrome.exe
3484 | chrome.exe
3704 | chrome.exe
3704 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid | Process
3484 | chrome.exe
3484 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Token: SeShutdownPrivilege | 3484 | chrome.exe
Token: SeCreatePagefilePrivilege | 3484 | chrome.exe
Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
3484 | chrome.exe
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3484 wrote to memory of 1356 3484 chrome.exe 50 PID 3484 wrote to memory of 1356 3484 chrome.exe 50 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 32 3484 chrome.exe 90 PID 
3484 wrote to memory of 32 3484 chrome.exe 90 PID 3484 wrote to memory of 3540 3484 chrome.exe 91 PID 3484 wrote to memory of 3540 3484 chrome.exe 91 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92 PID 3484 wrote to memory of 2292 3484 chrome.exe 92
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://claimautoken.top/au
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 3484
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6fe09758,0x7ffb6fe09768,0x7ffb6fe09778
    PID: 1356
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1864,i,8853010579674060507,10840540173846610799,131072 /prefetch:2
    PID: 32
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1864,i,8853010579674060507,10840540173846610799,131072 /prefetch:8
    PID: 3540
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1864,i,8853010579674060507,10840540173846610799,131072 /prefetch:8
    PID: 2292
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3276 --field-trial-handle=1864,i,8853010579674060507,10840540173846610799,131072 /prefetch:1
    PID: 1388
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1864,i,8853010579674060507,10840540173846610799,131072 /prefetch:1
    PID: 4868
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1864,i,8853010579674060507,10840540173846610799,131072 /prefetch:8
    PID: 2204
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1864,i,8853010579674060507,10840540173846610799,131072 /prefetch:8
    PID: 4736
  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2812 --field-trial-handle=1864,i,8853010579674060507,10840540173846610799,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 3704
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 2312
Network
MITRE ATT&CK Enterprise v15
Downloads