Analysis

max time kernel: 149s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20231020-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/11/2023, 18:54
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://clt1632902.benchurl.com/c/v?e=172D009&c=18EA86&t=0&l=DB486BF2&email=yooDj9Sr8Uf1wHyFTB3%2Fud%2FG2MGFgg9DBJcAT8xErqg%3D
Resource: win10v2004-20231020-en

General

Target: https://clt1632902.benchurl.com/c/v?e=172D009&c=18EA86&t=0&l=DB486BF2&email=yooDj9Sr8Uf1wHyFTB3%2Fud%2FG2MGFgg9DBJcAT8xErqg%3D
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133443752773164757" | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
1456 | chrome.exe
1456 | chrome.exe
4636 | chrome.exe
4636 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
1456 | chrome.exe
1456 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 1456 | chrome.exe
Token: SeCreatePagefilePrivilege | 1456 | chrome.exe
(the two rows above alternate throughout the table: 32 rows of each, 64 in total)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
1456 | chrome.exe
(all 26 rows are identical)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
1456 | chrome.exe
(all 24 rows are identical)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 1456 wrote to memory of 1756 | 1456 | chrome.exe | 42
PID 1456 wrote to memory of 4564 | 1456 | chrome.exe | 88
PID 1456 wrote to memory of 2404 | 1456 | chrome.exe | 89
PID 1456 wrote to memory of 1832 | 1456 | chrome.exe | 90
(64 rows in total, all repeats of the four distinct entries above: the writes to 1756 and to 2404 appear twice each; the remaining rows are writes to 4564 and to 1832)
Processes

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1456)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://clt1632902.benchurl.com/c/v?e=172D009&c=18EA86&t=0&l=DB486BF2&email=yooDj9Sr8Uf1wHyFTB3%2Fud%2FG2MGFgg9DBJcAT8xErqg%3D
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1756)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf2799758,0x7ffdf2799768,0x7ffdf2799778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4564)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1876,i,9369524676115269111,1330801157843818507,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2404)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1876,i,9369524676115269111,1330801157843818507,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1832)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1876,i,9369524676115269111,1330801157843818507,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4932)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1876,i,9369524676115269111,1330801157843818507,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1508)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1876,i,9369524676115269111,1330801157843818507,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4432)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1876,i,9369524676115269111,1330801157843818507,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1140)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1876,i,9369524676115269111,1330801157843818507,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4636)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3944 --field-trial-handle=1876,i,9369524676115269111,1330801157843818507,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1132)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 96B
  MD5: b7fb2858b101836a44acbdfbf415afe4
  SHA1: 17605bc5ab407d9667691e9c794a156ad9a8fe45
  SHA256: 95af621346345f0a9cb32163d1df482c703b2e4adc940b1f3d1b81d9c7f8b832
  SHA512: dab36ddc02981f785fdf392ee06e33a1c6fa445c5211168f16fe4615c1867cb7483611a465b22d41fa3492b66195171a106077d89dce84ba0f394823cfc4d502

- Filesize: 216B
  MD5: 6892c41744e95521fd462657b2f80a7d
  SHA1: ef18bfd08797d3b7f7860838a579aceda983d835
  SHA256: 5092e4991e0753332d5efb6be2bafba6fb16bac31d624169e145c86bf9d948d2
  SHA512: 80c4085aa59bdb6c2c3c28f8cb849459622a7b747bd52f1cd92ed219e7434f6df065f95f425ec47f455b15c220c89457a146ced3f573936539a56330a3a8a288

- Filesize: 2KB
  MD5: e4ecd88e9d12442398985f01e01aeadd
  SHA1: 34e5d73b61d585b0ce19fa6f43f47341ac33ed07
  SHA256: 40de56b901b296f479bbad44462bcb778414e6c68547c8e4f17bd1e494e6804b
  SHA512: 34e4ec8e747d4d1e8fd22ff28f139483ab225bac5b3df11afda68ff20397ec96b7143f597d84c8ae0610149edaa605fbd3ed0bc4ed392b31f2b3798f257dcc79

- Filesize: 705B
  MD5: ee6b0509a1c53412f91841bf397bc6f4
  SHA1: fe9801992d39f8845f2c127639cee376e5979e40
  SHA256: 9631f33d306110e7f00140e3558803a0f444f9c5bb7db0f2a2f5093e65e8cc15
  SHA512: 9237f02bb2312849d8e957282ea8055a15662219258181b96b42c014ad67d4c1711db6494055829ef147e019981f2e60e08bd411d3cb91d4c15f582f5bdd1e21

- Filesize: 538B
  MD5: 8328818962e103b7d7d88d4f98ba32f0
  SHA1: 1b33880dd5e0ac7553b3a16d6a3f70fa61528ccf
  SHA256: 021b475fd0ffdbb8590035d61d9dea06d581fa924ef92e5ce715a5d398f09aac
  SHA512: 058fb915d6a2b5f6a6161e29c89ad6d0d757a88d58dc0fa874bb3bf7b43f234fcd8c8cd20f14fc92f5a5763af7a3534606768123b334e7f64ccb41f7a2a84d09

- Filesize: 6KB
  MD5: 2d3a29463ca0adab445642336fb5255e
  SHA1: e7b37e0a9d818ad14458ed65713a218bc050ad58
  SHA256: 6100b5166e3d28cd551215660f8d372185d32bf4f07321fd245910572e6a0183
  SHA512: 6672a176cfe57018194adf05c5799de5aa19bbf5415a4f2b0dad45deb4c33055f2854c31e0d6cd54a83951b16727a6ddaf8601a3baeff0704708c2a6c2f2b448

- Filesize: 6KB
  MD5: 04b8ca6a83271ff12befc379e5921528
  SHA1: 91587ed0769539aba873623a55563469152131ba
  SHA256: d175046dcf2444c729bf9fa6d7f905bf671bdf102c5053eca6bc3d229011130b
  SHA512: 9e16aa9afd935ac33fb31d8c5c1d469597f395cee32a01bb4c1790a41406dc8b021082f1adcf7f9d371d051f26ed4ca1ce383cdb7d829726edeb4e7b5ef52665

- Filesize: 6KB
  MD5: 87bc1909f4921b31c22a601e0a1f0edb
  SHA1: 60cf16e957357d51bc4f5ed4325e28bf0de163f0
  SHA256: 9298424a5fd42a8c71763fd7b5162e318ae7e8585732767800f1d25c7061bacf
  SHA512: 4abcdb4813c01f792ee721882b3a2d0476968e9bd38b05d4bb94f9078d63e4f772dc23cb98207897e8d8fdd4abc8fbee6ccb69bf975ca0d39adefefa39ae1de2

- Filesize: 109KB
  MD5: 91c277da4dcc055c30564ea298259278
  SHA1: dd8d9f8e765be85494b377637268059ce64533a4
  SHA256: 5fc72e2b141aafa00cb96cc83e7066f8a3f8ed791b0dbaa77d9a1ca1b8d8cbb7
  SHA512: 6b10b887c2f24e4e3f0da9b2717af07042c20d8f8bde767658f41a8b38d19f993158e75483279987a282269c3689975a1b973b19ec220b5106ff201b00baab16

- Filesize: 109KB
  MD5: fece78a755d9a0a22adcae506d5c5813
  SHA1: ca27184693858170e776b0afc416343d28b214bf
  SHA256: b7fc212fa8a27f31fcd5ed0cb831028d41626d929650c8ccd00a6f1712815113
  SHA512: 1b480d1035faf4ff10bb921021159cb8bb994d542f0b935fbea7f51a9751d0c2017f0c4bf55989906bc3ab1760988a7c33531170da42cef416e8f3950dca98fb

- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd