Analysis

  Max time kernel:    300s
  Max time network:   279s
  Platform:           windows10-2004_x64
  Resource:           win10v2004-20231020-en
  Resource tags:      arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
  Submitted:          06/11/2023, 12:27

Tasks

  Static task:        static1
  URLScan task:       urlscan1
  Behavioral task:    behavioral1
    Sample:           https://congenerical-nudnick-ad7c930bd238.herokuapp.com/b?y=49ii4eh26oqj8d366kpjec1n75gj4d9g60o32e9k6pgjad925gh748hq49k78t3gect2ubr1ctkmoqbkf5hmurbdecn66rpeelliuob7d5m6it3p5lqm6bp2
    Resource:         win10v2004-20231020-en

General

  Target:             https://congenerical-nudnick-ad7c930bd238.herokuapp.com/b?y=49ii4eh26oqj8d366kpjec1n75gj4d9g60o32e9k6pgjad925gh748hq49k78t3gect2ubr1ctkmoqbkf5hmurbdecn66rpeelliuob7d5m6it3p5lqm6bp2
Malware Config
Signatures

Every hit in this run is attributed to chrome.exe itself (PIDs 1020 and 2208). All WriteProcessMemory targets (3944, 4748, 4532, 4692) are chrome.exe children of PID 1020 in the process tree below, so these are the browser process writing into service processes it has just spawned, not writes into a foreign process. A signature's IoC list is shown with at most 64 entries, which is why the later children (the renderers, ProcessorMetrics and UtilWin) do not appear as write targets. Repeated identical rows from the original list are collapsed into a hit count.

Enumerates system info in registry  (2 TTPs, 3 IoCs)
  Description         IoC                                                                      Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    chrome.exe

Modifies data under HKEY_USERS  (2 IoCs)
  Description         IoC                                                                      Process
  Key created         \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry    chrome.exe
  Set value (int)     \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133437472440968673"    chrome.exe

Suspicious behavior: EnumeratesProcesses  (4 IoCs)
  PID     Process       Hits
  1020    chrome.exe    2
  2208    chrome.exe    2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary  (3 IoCs)
  PID     Process       Hits
  1020    chrome.exe    3

Suspicious use of AdjustPrivilegeToken  (64 IoCs)
  Token                        PID     Process       Hits
  SeShutdownPrivilege          1020    chrome.exe    32
  SeCreatePagefilePrivilege    1020    chrome.exe    32
  (the two privileges alternate in the original event list)

Suspicious use of FindShellTrayWindow  (26 IoCs)
  PID     Process       Hits
  1020    chrome.exe    26

Suspicious use of SendNotifyMessage  (24 IoCs)
  PID     Process       Hits
  1020    chrome.exe    24

Suspicious use of WriteProcessMemory  (64 IoCs)
  Description                    Writer PID   Process       Target PID   procid_target   Hits
  PID 1020 wrote to memory of    1020         chrome.exe    3944         47              2
  PID 1020 wrote to memory of    1020         chrome.exe    4748         91              38
  PID 1020 wrote to memory of    1020         chrome.exe    4532         92              2
  PID 1020 wrote to memory of    1020         chrome.exe    4692         95              22
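The check a triager actually wants for a WriteProcessMemory signature is whether the writer is reaching into its own child processes or into something else. The following is an added example, not Triage's code: it resolves each (writer, target) pair from the signature table against the process tree on this page and flags any write whose target is not a descendant of the writer. The PIDs, parent links, roles (taken from each child's --type / --utility-sub-type flag) and per-target hit counts are transcribed from the report; the data structures and function names are this example's own.

```python
"""Attribute WriteProcessMemory hits to the process tree.

Added example for this report page, not Triage's own tooling. PROCESSES
and WRITE_EVENTS are transcribed from the page; PIDs whose role is not
shown on the page are not included.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    parent: Optional[int]   # None marks a tree root
    image: str
    role: str               # from --type / --utility-sub-type, "browser" if neither


# Process tree as shown on the page: 1020 and 4904 are roots, the rest are children of 1020.
PROCESSES = [
    Proc(1020, None, "chrome.exe", "browser"),
    Proc(3944, 1020, "chrome.exe", "crashpad-handler"),
    Proc(4748, 1020, "chrome.exe", "gpu-process"),
    Proc(4532, 1020, "chrome.exe", "utility:network.mojom.NetworkService"),
    Proc(212,  1020, "chrome.exe", "renderer"),
    Proc(4252, 1020, "chrome.exe", "renderer"),
    Proc(4692, 1020, "chrome.exe", "utility:storage.mojom.StorageService"),
    Proc(404,  1020, "chrome.exe", "renderer"),
    Proc(728,  1020, "chrome.exe", "utility:chrome.mojom.ProcessorMetrics"),
    Proc(4600, 1020, "chrome.exe", "utility:chrome.mojom.UtilWin"),
    Proc(2208, 1020, "chrome.exe", "gpu-process"),
    Proc(4904, None, "elevation_service.exe", "elevation-service"),
]

# One (writer, target) pair per IoC row of the WriteProcessMemory signature (64 rows).
WRITE_EVENTS = (
    [(1020, 3944)] * 2 + [(1020, 4748)] * 38 + [(1020, 4532)] * 2 + [(1020, 4692)] * 22
)


def build_tree(procs):
    """Index the process list by PID."""
    return {p.pid: p for p in procs}


def classify_write(tree, writer, target):
    """Relation of target to writer: 'child', 'descendant', 'unrelated' or 'unknown-target'."""
    if target not in tree:
        return "unknown-target"
    cur = tree[target].parent
    if cur == writer:
        return "child"
    while cur is not None:          # walk up the ancestry of the target
        if cur == writer:
            return "descendant"
        cur = tree[cur].parent if cur in tree else None
    return "unrelated"


def summarize_writes(events, procs):
    """Collapse repeated rows into one entry per (writer, target) with count, relation and role.

    A write whose target is outside the writer's own subtree is flagged; that is the
    case that deserves a closer look (injection into an unrelated process)."""
    tree = build_tree(procs)
    rows = []
    for (writer, target), n in sorted(Counter(events).items()):
        rel = classify_write(tree, writer, target)
        tp = tree.get(target)
        rows.append({
            "writer": writer, "target": target, "count": n, "relation": rel,
            "target_image": tp.image if tp else None,
            "target_role": tp.role if tp else None,
            "flag": rel not in ("child", "descendant"),
        })
    return rows


def flagged(rows):
    """Only the rows that need analyst attention."""
    return [r for r in rows if r["flag"]]


if __name__ == "__main__":
    summary = summarize_writes(WRITE_EVENTS, PROCESSES)
    for r in summary:
        print(f"{r['writer']} -> {r['target']:<5} x{r['count']:<3} {r['relation']:<10} {r['target_role']}")
    print("writes outside the writer's own tree:", len(flagged(summary)))
```

For this report every target classifies as a direct child of 1020 and the flagged list is empty; the same code run over a report where a browser PID writes into, say, an explorer.exe or a process from another tree would surface that row immediately.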
Processes

All chrome.exe entries run from C:\Program Files\Google\Chrome\Application\chrome.exe. Indentation shows the tree: PID 1020 is the browser process, the processes listed under it are its children, and elevation_service.exe is a separate root.

PID 1020  chrome.exe  (browser process, root)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://congenerical-nudnick-ad7c930bd238.herokuapp.com/b?y=49ii4eh26oqj8d366kpjec1n75gj4d9g60o32e9k6pgjad925gh748hq49k78t3gect2ubr1ctkmoqbkf5hmurbdecn66rpeelliuob7d5m6it3p5lqm6bp2
  Signatures:
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    PID 3944  chrome.exe  (crashpad-handler)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff946199758,0x7ff946199768,0x7ff946199778

    PID 4748  chrome.exe  (gpu-process)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1864,i,5631286324735464373,7235527504576676544,131072 /prefetch:2

    PID 4532  chrome.exe  (utility: network.mojom.NetworkService, sandbox type none)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1864,i,5631286324735464373,7235527504576676544,131072 /prefetch:8

    PID 212  chrome.exe  (renderer, first renderer process)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1864,i,5631286324735464373,7235527504576676544,131072 /prefetch:1

    PID 4252  chrome.exe  (renderer)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1864,i,5631286324735464373,7235527504576676544,131072 /prefetch:1

    PID 4692  chrome.exe  (utility: storage.mojom.StorageService)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1864,i,5631286324735464373,7235527504576676544,131072 /prefetch:8

    PID 404  chrome.exe  (renderer)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4592 --field-trial-handle=1864,i,5631286324735464373,7235527504576676544,131072 /prefetch:1

    PID 728  chrome.exe  (utility: chrome.mojom.ProcessorMetrics, sandbox type none)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1864,i,5631286324735464373,7235527504576676544,131072 /prefetch:8

    PID 4600  chrome.exe  (utility: chrome.mojom.UtilWin, sandbox type none)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1864,i,5631286324735464373,7235527504576676544,131072 /prefetch:8

    PID 2208  chrome.exe  (gpu-process, relaunched with --disable-gpu-sandbox --use-gl=disabled)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 --field-trial-handle=1864,i,5631286324735464373,7235527504576676544,131072 /prefetch:2
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

PID 4904  elevation_service.exe  (root)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Four files were captured during the run; sizes and digests as reported.

1. Filesize: 1KB
   MD5:     badd261c3b1b8f1f487890e662802b6f
   SHA1:    3efb9d936edf6041c6fed0b58201859f8eff67c4
   SHA256:  5f53103bce81caba0d4345b4295460e3b26402d32c3fc96ae4a87b1765c6611b
   SHA512:  36aeacb71b5636492165802c400a5558426e2d56cb75a2e0d03b26531424f28ee7974896370e9a8907480c849f1a2c7622e9a416650b25eb5b07d92caa5dcc0f

2. Filesize: 6KB
   MD5:     283457d41442c0ce938c2388237e9994
   SHA1:    89034f3d645e8818737cf918d150419ffac06aad
   SHA256:  7f3cbbadcaa71208bf323fa59487db211556b25c1ea2a6621b1c609bfc0cea9f
   SHA512:  4fd0699a81aac8115a1395b96d8831376abda27cf7385eb12a32702626d85a3901cfba5baf6b2f4ac6e3fde76219d040b167e5150945286c38776fc6b9fe5c2f

3. Filesize: 109KB
   MD5:     40dc9b3d8aeb3656d22d25285073146f
   SHA1:    06bd904e7bb9f094d6d7a93a53eda2a362a0a795
   SHA256:  005aa1d14382254857d42df103abbc06f80eafd45348483a059e3bfbee932994
   SHA512:  c43b9ec9d66ff0c80c1b1b874dd3023ea6180657d5173cbb9af55b010c5aa6e0c6e30ab580aee4c12e24c705a044dbc02132d76c16608df7b7b6f66553018388

4. Filesize: 2B
   MD5:     99914b932bd37a50b983c5e7c90ae93b
   SHA1:    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
   SHA256:  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
   SHA512:  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
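A hash table like the one above is only useful if it is checked, both against a copy of the artifact you hold and as a pivot key into other reports. The following is an added example, not Triage's code: it recomputes the four digests for a file, compares them case-insensitively against a report entry, and looks an arbitrary digest up across entries without knowing which algorithm it belongs to. The expected values are entry 4 from the table above; the sample payload is constructed, the two bytes `{}` (an empty JSON object), whose MD5, SHA1 and SHA256 are exactly the ones reported for that 2-byte download. Function names and the dictionary layout are this example's own.

```python
"""Verify a captured download against a sandbox report's hash set.

Added example for this page, not Triage tooling. EXPECTED_2B is copied from
the report's 2-byte download entry; SAMPLE_2B is a constructed payload.
"""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Transcribed from the report's fourth download (Filesize: 2B).
EXPECTED_2B = {
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "sha512": (
        "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9"
        "a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd"
    ),
}

# Constructed payload (not pulled from the sandbox): an empty JSON object.
SAMPLE_2B = b"{}"


def digest_set(data: bytes) -> dict:
    """All four digests of the bytes, lowercase hex, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def verify_artifact(data: bytes, expected: dict) -> dict:
    """Per-algorithm match against a report entry.

    Comparison is case-insensitive and limited to the algorithms the entry
    actually lists, so a report that only gives SHA256 still verifies."""
    got = digest_set(data)
    return {algo: got[algo] == expected[algo].strip().lower()
            for algo in ALGOS if algo in expected}


def all_match(result: dict) -> bool:
    """True only if at least one algorithm was compared and every one matched."""
    return bool(result) and all(result.values())


def find_by_hash(hexdigest: str, entries: list) -> list:
    """Pivot: indices of the entries that carry this digest under any algorithm."""
    needle = hexdigest.strip().lower()
    return [i for i, entry in enumerate(entries)
            if needle in {v.strip().lower() for v in entry.values()}]


if __name__ == "__main__":
    result = verify_artifact(SAMPLE_2B, EXPECTED_2B)
    for algo, ok in result.items():
        print(f"{algo:<7} {'match' if ok else 'MISMATCH'}")
    print("entry index for SHA1 pivot:", find_by_hash(EXPECTED_2B["sha1"], [EXPECTED_2B]))
```

Treat SHA256 (or SHA512) as the decision value; MD5 and SHA1 are kept only because other feeds and reports still index on them, which is what `find_by_hash` is for.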