Analysis
- max time kernel: 599s
- max time network: 490s
- platform: windows10-1703_x64
- resource: win10-20231023-en
- resource tags: arch:x64, arch:x86, image:win10-20231023-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 17/11/2023, 21:32
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
- Sample: http://netid.today/gov.utah.edu/continue.php
- Resource: win10-20231023-en
General
- Target: http://netid.today/gov.utah.edu/continue.php
  The target is a plain-HTTP URL whose path carries a legitimate-looking hostname (gov.utah.edu) under an unrelated registered domain; the host that actually serves the page is netid.today, not anything under utah.edu.
Malware Config
- (none extracted)
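As an added check, not part of the tria.ge report, the following heuristic flags URLs whose path embeds a hostname that does not belong to the serving domain, and runs it over the target above. The file-extension list and the "last two labels" rule for the registrable domain are simplifying assumptions; production code would consult the Public Suffix List.

```python
"""Flag URL paths that embed a hostname foreign to the serving domain."""
import re
from urllib.parse import urlsplit

# The report's target URL, the only input the page provides.
TARGET_URL = "http://netid.today/gov.utah.edu/continue.php"

# A path segment that looks like a hostname: dot-separated labels ending in
# an alphabetic TLD of at least two characters.
_DOMAIN_LIKE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$", re.I)

# Assumption: common web file extensions, so "continue.php" is not read as a host.
FILE_EXTENSIONS = {"php", "html", "htm", "asp", "aspx", "jsp", "js", "css",
                   "json", "xml", "txt", "png", "jpg", "jpeg", "gif", "svg", "pdf"}


def registrable_domain(host: str) -> str:
    """Last two labels of a host (assumption: good enough here; use the PSL in practice)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def embedded_domains(url: str) -> list:
    """Path segments that look like hostnames but belong to another registrable domain."""
    parts = urlsplit(url)
    own = registrable_domain(parts.hostname or "")
    hits = []
    for seg in parts.path.split("/"):
        seg = seg.strip().lower()
        if not _DOMAIN_LIKE.match(seg):
            continue
        if seg.rsplit(".", 1)[1] in FILE_EXTENSIONS:
            continue  # a file name, not a lookalike host
        if registrable_domain(seg) != own:
            hits.append(seg)
    return hits


def triage(url: str) -> dict:
    parts = urlsplit(url)
    hits = embedded_domains(url)
    return {
        "host": parts.hostname,
        "plaintext_http": parts.scheme == "http",
        "embedded_domains": hits,
        "lookalike_path": bool(hits),
    }


if __name__ == "__main__":
    print(triage(TARGET_URL))
```

The check fires on the target because gov.utah.edu resolves to the registrable domain utah.edu, which is not netid.today; the same path under a real utah.edu host would not be flagged.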
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Modifies data under HKEY_USERS (2 IoCs)
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
  Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133447303399651572" (chrome.exe)
  S-1-5-19 is the well-known SID of NT AUTHORITY\LOCAL SERVICE. The value is a Windows FILETIME (100 ns ticks since 1601-01-01); 133447303399651572 is 2023-11-17 21:32:19 UTC, the time of this run.
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  1232 chrome.exe (x2); 4876 chrome.exe (x2)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  1232 chrome.exe (x2)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token: SeShutdownPrivilege, 1232 chrome.exe (x32), alternating with Token: SeCreatePagefilePrivilege, 1232 chrome.exe (x32)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  1232 chrome.exe (x26)
- Suspicious use of SendNotifyMessage (24 IoCs)
  1232 chrome.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs; columns are description, pid, Process, procid_target; identical rows collapsed)
  PID 1232 wrote to memory of 4188: 1232 chrome.exe, target 60 (x2)
  PID 1232 wrote to memory of 4772: 1232 chrome.exe, target 73 (repeated)
  PID 1232 wrote to memory of 4560: 1232 chrome.exe, target 74 (x2)
  PID 1232 wrote to memory of 524: 1232 chrome.exe, target 75 (repeated)
  The list stops at 64 entries, so the later children in the process tree (5072, 4052, 4592, 1940, 4876) do not appear in it.

Every hit above is attributed to chrome.exe: either the browser the sandbox launched with the submitted URL (PID 1232) or its second GPU child (PID 4876). No image outside the Chrome install directory appears in the process tree, so these signatures describe the browser's own start-up (crash handler, GPU, network, storage and renderer children) rather than a payload dropped by the visited page. Whether the page itself is malicious, for example a credential form, is not something process-level signatures can show.
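Reading the run-together IoC rows above by eye is error-prone, so here is an added helper, not part of the tria.ge report, that collapses such rows into per-process counts and decodes the FILETIME from the HKEY_USERS signature. The row strings are constructed excerpts in the page's own format: the AdjustPrivilegeToken excerpt reproduces the full 64-entry alternation, while the WriteProcessMemory excerpt keeps only one row per distinct target rather than the report's 64.

```python
"""Summarise flattened sandbox signature rows and decode a Windows FILETIME."""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed excerpts in the report's run-together row format.
ADJUST_PRIVILEGE_ROWS = (
    "Token: SeShutdownPrivilege 1232 chrome.exe "
    "Token: SeCreatePagefilePrivilege 1232 chrome.exe "
) * 32
WRITE_PROCESS_MEMORY_ROWS = (
    "PID 1232 wrote to memory of 4188 1232 chrome.exe 60 "
    "PID 1232 wrote to memory of 4188 1232 chrome.exe 60 "
    "PID 1232 wrote to memory of 4772 1232 chrome.exe 73 "
    "PID 1232 wrote to memory of 4560 1232 chrome.exe 74 "
    "PID 1232 wrote to memory of 524 1232 chrome.exe 75 "
)
TRACE_TIME_LAST = 133447303399651572  # TraceTimeLast value from the report

# Row shapes: "Token: <privilege> <pid> <process>" and
# "PID <pid> wrote to memory of <target> <pid> <process> <procid_target>".
_TOKEN = re.compile(r"Token: (Se\w+Privilege) (\d+) (\S+)")
_WPM = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def privilege_counts(rows: str) -> Counter:
    """(privilege, pid, process) -> number of times the token was adjusted."""
    return Counter((priv, int(pid), proc) for priv, pid, proc in _TOKEN.findall(rows))


def write_targets(rows: str) -> Counter:
    """(writer pid, target pid) -> number of WriteProcessMemory events."""
    return Counter((int(src), int(dst)) for src, dst, _proc, _tgt in _WPM.findall(rows))


def filetime_to_utc(filetime: int) -> datetime:
    """FILETIME is 100 ns ticks since 1601-01-01 UTC; convert to an aware datetime."""
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=filetime // 10)


def processes_seen(rows: str) -> set:
    """Distinct (pid, process) pairs named anywhere in a row block."""
    seen = {(int(pid), proc) for _priv, pid, proc in _TOKEN.findall(rows)}
    seen |= {(int(src), proc) for src, _dst, proc, _tgt in _WPM.findall(rows)}
    return seen


if __name__ == "__main__":
    for key, n in privilege_counts(ADJUST_PRIVILEGE_ROWS).items():
        print(n, key)
    for key, n in write_targets(WRITE_PROCESS_MEMORY_ROWS).items():
        print(n, key)
    print(filetime_to_utc(TRACE_TIME_LAST).isoformat())
```

The decoded FILETIME lands on the submission time in the Analysis block, which is the quick sanity check that the value is a timestamp written during this run and not something carried over from the image.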
Processes
- PID 1232 (depth 1): C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://netid.today/gov.utah.edu/continue.php
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children (depth 2):
  - PID 4188: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd621d9758,0x7ffd621d9768,0x7ffd621d9778
  - PID 4772: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1832,i,12971212719931726660,3518660140931567090,131072 /prefetch:2
  - PID 4560: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1832,i,12971212719931726660,3518660140931567090,131072 /prefetch:8
  - PID 524: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1832,i,12971212719931726660,3518660140931567090,131072 /prefetch:8
  - PID 5072: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2712 --field-trial-handle=1832,i,12971212719931726660,3518660140931567090,131072 /prefetch:1
  - PID 4052: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2692 --field-trial-handle=1832,i,12971212719931726660,3518660140931567090,131072 /prefetch:1
  - PID 4592: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1832,i,12971212719931726660,3518660140931567090,131072 /prefetch:8
  - PID 1940: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1832,i,12971212719931726660,3518660140931567090,131072 /prefetch:8
  - PID 4876: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1832,i,12971212719931726660,3518660140931567090,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- PID 3680 (depth 1): C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- 1KB
  MD5: c6bfc1e4b00ad5407d4b92355f9de004
  SHA1: a57301d7a1fc5430281e32daf54e2d4f44ec6590
  SHA256: 90bf7be36053ba0d0cf973318b613068987e816afd335ea59ed0a81eb641a8c7
  SHA512: d58bacaa7a8135032b0d19a4efbd1064b18f452c06347eaa200e910c049ef452a825f873cbf0caedbd6a049be7ccacb056d79c2634e36329dfd741b1c7169cff
- 5KB
  MD5: 73b25967436293075a9401222eb89cc8
  SHA1: dfe99e8ed0ac1402fdd5e208bdda328a834e7715
  SHA256: 5cb5ff60f9ee50c1dcd984baeb1bc4cdefbaf52111427350c963bca3f53beb3e
  SHA512: d3fcc219a473dd41c54a8e8f9bfa3f0efcbe31d05d8d84c3f069b7b6e9ac65a23ed0641414dd107f8e56518f846e0b93763adc389237deba1daa88dc31e38216
- 6KB
  MD5: 2038c3ef00d80f5bc320aaa50d68ac5f
  SHA1: 79193582be8bb51aa0d49feb5d8438adaf84793b
  SHA256: 2345b66255bbecd4f453eefd7fd01445159779b587e3a7ef2cebdef328e83d3f
  SHA512: 98ec0074f2ddbb837fc9164db960a04025952361219f8ac38f8b1ea093bceb53de94fd685090e671c8a2af7f80d6bb48d55a847dad57d80c84537694c3e866ad
- 5KB
  MD5: eef430254294e8c40c23588fe50d8372
  SHA1: 8447e5185387936b5b3adb65f8f0d08fc00fb781
  SHA256: ee4d86c36d193acc9fb00d63c2e088aa61f697c13f4925cd44adbcce6fcb4ab5
  SHA512: 67161e5528e1cc1dc74647f2fb7bbe8326ccca39bc28e5747ad63c000adc3177446a7d59309f0ae61076000c485a766ebc73c764a9bbd9528c83cb3376f04fda
- 109KB
  MD5: c5cbb3726473ad245ca8c67139bc355a
  SHA1: 26f3e9115e26d5139c9ce14902d350f5e10e4365
  SHA256: 6e7e5b1285a8e30f96730435e676d539d7d08880286e2a6a9ba55666ee593e01
  SHA512: 7b31657af3a57d80f89ba99423b9a7aab8b493f4c5b6df035cdd77340de51be07dbc8467badf32c3960a37bcbad1a58d850c3c66d0957ba2390ab3983ba093d1
- 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
  These are the digests of the two-byte string "{}", an empty JSON object, the kind of placeholder file a fresh Chrome profile writes; it carries no information about the visited page.
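As an added check, not part of the tria.ge report, the following parses the Downloads block as it appears on the page (algorithm names fused to the hex digests), validates each digest's length, and tests whether any artefact is a known fixed byte string such as "{}". The candidate-content table is an assumption chosen to match what browser profile directories typically contain; the hash text is copied from the report.

```python
"""Parse a flattened sandbox hash table and recognise fixed-content artefacts."""
from __future__ import annotations

import hashlib
import re

# Copied from the report's Downloads section, in its extracted form.
RAW_DOWNLOADS = """
Filesize
1KB
MD5c6bfc1e4b00ad5407d4b92355f9de004
SHA1a57301d7a1fc5430281e32daf54e2d4f44ec6590
SHA25690bf7be36053ba0d0cf973318b613068987e816afd335ea59ed0a81eb641a8c7
SHA512d58bacaa7a8135032b0d19a4efbd1064b18f452c06347eaa200e910c049ef452a825f873cbf0caedbd6a049be7ccacb056d79c2634e36329dfd741b1c7169cff
Filesize
5KB
MD573b25967436293075a9401222eb89cc8
SHA1dfe99e8ed0ac1402fdd5e208bdda328a834e7715
SHA2565cb5ff60f9ee50c1dcd984baeb1bc4cdefbaf52111427350c963bca3f53beb3e
SHA512d3fcc219a473dd41c54a8e8f9bfa3f0efcbe31d05d8d84c3f069b7b6e9ac65a23ed0641414dd107f8e56518f846e0b93763adc389237deba1daa88dc31e38216
Filesize
6KB
MD52038c3ef00d80f5bc320aaa50d68ac5f
SHA179193582be8bb51aa0d49feb5d8438adaf84793b
SHA2562345b66255bbecd4f453eefd7fd01445159779b587e3a7ef2cebdef328e83d3f
SHA51298ec0074f2ddbb837fc9164db960a04025952361219f8ac38f8b1ea093bceb53de94fd685090e671c8a2af7f80d6bb48d55a847dad57d80c84537694c3e866ad
Filesize
5KB
MD5eef430254294e8c40c23588fe50d8372
SHA18447e5185387936b5b3adb65f8f0d08fc00fb781
SHA256ee4d86c36d193acc9fb00d63c2e088aa61f697c13f4925cd44adbcce6fcb4ab5
SHA51267161e5528e1cc1dc74647f2fb7bbe8326ccca39bc28e5747ad63c000adc3177446a7d59309f0ae61076000c485a766ebc73c764a9bbd9528c83cb3376f04fda
Filesize
109KB
MD5c5cbb3726473ad245ca8c67139bc355a
SHA126f3e9115e26d5139c9ce14902d350f5e10e4365
SHA2566e7e5b1285a8e30f96730435e676d539d7d08880286e2a6a9ba55666ee593e01
SHA5127b31657af3a57d80f89ba99423b9a7aab8b493f4c5b6df035cdd77340de51be07dbc8467badf32c3960a37bcbad1a58d850c3c66d0957ba2390ab3983ba093d1
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
"""

_DIGEST_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)([0-9a-fA-F]+)$")
DIGEST_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Assumption: fixed contents worth recognising in a browser profile directory.
KNOWN_CONTENT = {b"{}": "empty JSON object", b"[]": "empty JSON array", b"": "empty file"}


def parse_downloads(text: str) -> list[dict]:
    """One dict per artefact: {"size": "2B", "MD5": ..., "SHA1": ..., ...}."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    entries: list[dict] = []
    i = 0
    while i < len(lines):
        if lines[i] == "Filesize":
            entries.append({"size": lines[i + 1]})
            i += 2
            continue
        m = _DIGEST_LINE.match(lines[i])
        if not m or not entries:
            raise ValueError(f"unexpected line: {lines[i]!r}")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != DIGEST_HEX_LEN[algo]:
            raise ValueError(f"{algo} digest has wrong length: {digest}")
        entries[-1][algo] = digest
        i += 1
    return entries


def digests(data: bytes) -> dict:
    return {"MD5": hashlib.md5(data).hexdigest(), "SHA1": hashlib.sha1(data).hexdigest(),
            "SHA256": hashlib.sha256(data).hexdigest(), "SHA512": hashlib.sha512(data).hexdigest()}


def identify(entry: dict) -> str | None:
    """Label of the known content whose digests all agree with the entry, else None."""
    algos = [a for a in DIGEST_HEX_LEN if a in entry]
    for data, label in KNOWN_CONTENT.items():
        d = digests(data)
        if algos and all(entry[a] == d[a] for a in algos):
            return label
    return None


if __name__ == "__main__":
    for e in parse_downloads(RAW_DOWNLOADS):
        print(e["size"], e["SHA256"], identify(e) or "unknown content")
```

Only the 2-byte entry is recognised; the five larger artefacts would need the files themselves (or a hash lookup in a reputation source) to go any further.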