Analysis
max time kernel: 160s
max time network: 159s
platform: windows10-2004_x64
resource: win10v2004-20231020-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231020-en locale:en-us os:windows10-2004-x64 system
submitted: 15/11/2023, 01:27
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://protect-au.mimecast.com/s/GGb8COMK6rcpX9ENskVpuh?domain=engage-insights.biz/
Resource: win10v2004-20231020-en
General
Target: https://protect-au.mimecast.com/s/GGb8COMK6rcpX9ENskVpuh?domain=engage-insights.biz/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133444852816360173" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
3796 | chrome.exe
3796 | chrome.exe
4612 | chrome.exe
4612 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
pid | Process
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Token: SeShutdownPrivilege | 3796 | chrome.exe
Token: SeCreatePagefilePrivilege | 3796 | chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
3796 | chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3796 wrote to memory of 4760 | 3796 | chrome.exe | 32
PID 3796 wrote to memory of 4760 | 3796 | chrome.exe | 32
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 452 | 3796 | chrome.exe | 88
PID 3796 wrote to memory of 3492 | 3796 | chrome.exe | 89
PID 3796 wrote to memory of 3492 | 3796 | chrome.exe | 89
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
PID 3796 wrote to memory of 1676 | 3796 | chrome.exe | 91
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://protect-au.mimecast.com/s/GGb8COMK6rcpX9ENskVpuh?domain=engage-insights.biz/
PID: 3796
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe9d3b9758,0x7ffe9d3b9768,0x7ffe9d3b9778
    PID: 4760

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1716,i,16252566508355838440,7094723466902837498,131072 /prefetch:2
    PID: 452

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1716,i,16252566508355838440,7094723466902837498,131072 /prefetch:8
    PID: 3492

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1716,i,16252566508355838440,7094723466902837498,131072 /prefetch:8
    PID: 1676

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1716,i,16252566508355838440,7094723466902837498,131072 /prefetch:1
    PID: 5088

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1716,i,16252566508355838440,7094723466902837498,131072 /prefetch:1
    PID: 3480

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4868 --field-trial-handle=1716,i,16252566508355838440,7094723466902837498,131072 /prefetch:1
    PID: 748

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1716,i,16252566508355838440,7094723466902837498,131072 /prefetch:8
    PID: 4188

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3012 --field-trial-handle=1716,i,16252566508355838440,7094723466902837498,131072 /prefetch:8
    PID: 1172

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5376 --field-trial-handle=1716,i,16252566508355838440,7094723466902837498,131072 /prefetch:1
    PID: 796

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5408 --field-trial-handle=1716,i,16252566508355838440,7094723466902837498,131072 /prefetch:1
    PID: 4048

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2844 --field-trial-handle=1716,i,16252566508355838440,7094723466902837498,131072 /prefetch:2
    PID: 4612
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID: 3404
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 360B
MD5: db84e7f69c175d58daa53e0ba5ec6d0a
SHA1: 8ad93c4a622ad3efd360ca4a6f9472f8bafdaa03
SHA256: ec8625046e64de9aef1a714dfdde0e6af8f914c3112837638aee156ba82204dc
SHA512: 65d641b2e32856ada3c01d5c274957f05f29a1ddfa2d3f3fcec13a58e92e178cfb462354d2b26cc81caf85b755288edb865097be8f2a6477409e269340aaa9f8

Filesize: 2KB
MD5: c8479614dc2967ef9d8936f0fb6d442e
SHA1: e35265f835aca9e2a184a366bed08bb21db7247d
SHA256: 3a45ce8b2f3b6c4a584b2de5031802aa4c0480975eb37a43daac8d0a24790102
SHA512: 30118acc7093a545c444bb61879a32d1e79eace09cfa38604649cbd5e3458cbdd91b630ebfa12528a3d4bd1a1d7714b9ea434d4f14eae40f9f9fbb00b78618ca

Filesize: 698B
MD5: aadcf3310d50040c0efdacb6cd424fa4
SHA1: c21423c8387782269da141e5356872b8811cc4d8
SHA256: 334dd25a5e0b5e3550c6b2979a3918f2f00bf6aee1d2d60cd51c9fcd9fc63519
SHA512: d86903673c8688de48d071530733c677baaceb45cd8ae1ee9dfc17443de5765fe0b760498839c66ef7408c90519bc30e4ca65f9f759405ef8be20b7f4799b456

Filesize: 6KB
MD5: ff2ac2836142f5a4db65a126ad6aadc0
SHA1: 21c1a978d0472cccb0c45aeb79a37b499950e44f
SHA256: 55b89d7d160e1dc7d24929f1a160817f01e28a31ccd5e8b8a37a73f82e046d73
SHA512: 979724a1d8c885be6805ba3944056a914a515ced29d815de2d07d0613e48b104a6fe897934cbd5bf65acdc0bdb89fff2cf6ad839fddc3abbe91c2f099f483658

Filesize: 6KB
MD5: 50aad245db517b38fa30e2ed040e75a2
SHA1: 064be5da9941b992e1cd0e0e69000e76c44c3973
SHA256: bfc4b03e2d6de5c350c814a3d02d97eb22a0c40cde05934d4f5a5499e3a5f6e4
SHA512: cf6778a1d38c51794c6f27175762b99c17820ab7a90f1546bed8a722e7fd892e2f81f75ea45e34ca41055932c4eca792db0b9f57e72b02f824d6858d4c6fce9c

Filesize: 6KB
MD5: 5d79262780a51e00c587ed9877bc9505
SHA1: c4d39ff597ed690de6d2b6d5537353586d4abbbf
SHA256: 0ad115504a16ebcddbbaf2c0ec90fcd521c601cffe472527b4cad906d6d2ffd2
SHA512: 756d1a403f004b44a3e29e7163168e7bd6dd24b896949c323597903ae6b71e0a41bcbf9f709c453e8c520754e388dc21853a4953876de5bf61013683cb472102

Filesize: 109KB
MD5: 69a49d48d91bddf5d11115e0f6d01889
SHA1: c8e2354a8cc33dbcb6a8ccc086cf37a2e7d30593
SHA256: a664e89d597221a2e2c8237ffbdd640b6ab424bb5b9b241d2af8cb34b808c12f
SHA512: d099d362dfad4cb7d23d7debbe60a24b00397f23092cb350019ecbbb5d19a9d135d3a414e510dfad8797e7e1142822005496d8988eed0fce3086dd253b8cd7a7

Filesize: 109KB
MD5: 286db88f42b9b4b398374d80769a50e5
SHA1: bafe5c39ab1dacfc23c65e21884a5c3f7efd6298
SHA256: 944d95b380c4eecc3adc81874940518a7544186e4ed95add9ff1ad8ca9f7ac29
SHA512: dbda90d2e7601ef4fe8eeff238076f218080c9a55fb68dd24e6fde8da3486075189f70149b40030bb3ceb7c9c8c5a28e918fdccebeb4f949254668bce771f333

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd