Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231020-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231020-en locale:en-us os:windows10-2004-x64 system
submitted: 18/11/2023, 14:43
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://pub-c83bdd2c571c4474aa52af1897a2bef8.r2.dev/manyauth-appmfa.html#[email protected]
Resource: win10v2004-20231020-en
General
Target: https://pub-c83bdd2c571c4474aa52af1897a2bef8.r2.dev/manyauth-appmfa.html#[email protected]
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133447922441680893" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
2604 | chrome.exe
3844 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
2604 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 2604 | chrome.exe
Token: SeCreatePagefilePrivilege | 2604 | chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
2604 | chrome.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
2604 | chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2604 wrote to memory of 4076 | 2604 | chrome.exe | 66
PID 2604 wrote to memory of 5100 | 2604 | chrome.exe | 88
PID 2604 wrote to memory of 4256 | 2604 | chrome.exe | 89
PID 2604 wrote to memory of 488 | 2604 | chrome.exe | 90
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 1)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pub-c83bdd2c571c4474aa52af1897a2bef8.r2.dev/manyauth-appmfa.html#[email protected]
PID: 2604
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c7579758,0x7ff8c7579768,0x7ff8c7579778
PID: 4076

C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1852,i,5941011517956247447,9258743502587573159,131072 /prefetch:2
PID: 5100

C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1852,i,5941011517956247447,9258743502587573159,131072 /prefetch:8
PID: 4256

C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1852,i,5941011517956247447,9258743502587573159,131072 /prefetch:8
PID: 488

C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1852,i,5941011517956247447,9258743502587573159,131072 /prefetch:1
PID: 680

C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1852,i,5941011517956247447,9258743502587573159,131072 /prefetch:1
PID: 5036

C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1852,i,5941011517956247447,9258743502587573159,131072 /prefetch:8
PID: 1732

C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1852,i,5941011517956247447,9258743502587573159,131072 /prefetch:8
PID: 2188

C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1852,i,5941011517956247447,9258743502587573159,131072 /prefetch:2
PID: 3844
Signatures:
- Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (tree level 1)
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID: 3392
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2b2fae50-ba66-492e-af27-cf4a7e4fedaa.tmp