Analysis
max time kernel: 150s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20231020-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/11/2023, 23:26
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://mizuhoamericas.com/email-disclaimer
Resource: win10v2004-20231020-en
General
Target: https://mizuhoamericas.com/email-disclaimer
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133450828358100644" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
3496 | chrome.exe
3496 | chrome.exe
3104 | chrome.exe
3104 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
3496 | chrome.exe
3496 | chrome.exe
3496 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 3496 | chrome.exe
Token: SeCreatePagefilePrivilege | 3496 | chrome.exe
(the two rows above alternate throughout the report; 64 entries in total, all from PID 3496)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
3496 | chrome.exe
(all 26 entries are identical to the row above)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3496 | chrome.exe
(all 24 entries are identical to the row above)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3496 wrote to memory of 3856 | 3496 | chrome.exe | 37
PID 3496 wrote to memory of 3440 | 3496 | chrome.exe | 85
PID 3496 wrote to memory of 1276 | 3496 | chrome.exe | 87
PID 3496 wrote to memory of 3760 | 3496 | chrome.exe | 86
(each row is repeated in the report; 64 entries in total, the writes to 3856 and 1276 appear twice each, the rest are writes to 3440 and 3760)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mizuhoamericas.com/email-disclaimer
PID: 3496
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

Child processes:

  C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9fb49758,0x7ffd9fb49768,0x7ffd9fb49778
  PID: 3856

  C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1896,i,815069325669969628,11115000196976394215,131072 /prefetch:2
  PID: 3440

  C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1896,i,815069325669969628,11115000196976394215,131072 /prefetch:8
  PID: 3760

  C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1896,i,815069325669969628,11115000196976394215,131072 /prefetch:8
  PID: 1276

  C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1896,i,815069325669969628,11115000196976394215,131072 /prefetch:1
  PID: 2044

  C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1896,i,815069325669969628,11115000196976394215,131072 /prefetch:1
  PID: 3068

  C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3944 --field-trial-handle=1896,i,815069325669969628,11115000196976394215,131072 /prefetch:1
  PID: 4980

  C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1896,i,815069325669969628,11115000196976394215,131072 /prefetch:8
  PID: 2356

  C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1896,i,815069325669969628,11115000196976394215,131072 /prefetch:8
  PID: 3960

  C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5076 --field-trial-handle=1896,i,815069325669969628,11115000196976394215,131072 /prefetch:2
  PID: 3104
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID: 1180
Network
MITRE ATT&CK Enterprise v15
Downloads