Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231023-es
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-es, locale:es-es, os:windows10-2004-x64, system:windows
submitted: 24/11/2023, 11:10
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://hogami.nid.io
Resource: win10v2004-20231023-es
General
Target: http://hogami.nid.io
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS 2 IoCs
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133452978550489031" (chrome.exe)
Suspicious behavior: EnumeratesProcesses 4 IoCs
- PID 3380 chrome.exe (2 entries)
- PID 4724 chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
- PID 3380 chrome.exe (6 entries)
Suspicious use of AdjustPrivilegeToken 64 IoCs
All 64 entries are for PID 3380 chrome.exe and alternate between two tokens:
- Token: SeShutdownPrivilege (32 entries)
- Token: SeCreatePagefilePrivilege (32 entries)
Suspicious use of FindShellTrayWindow 26 IoCs
- PID 3380 chrome.exe (26 entries)
Suspicious use of SendNotifyMessage 24 IoCs
- PID 3380 chrome.exe (24 entries)
Suspicious use of WriteProcessMemory 64 IoCs
All 64 entries are writes by PID 3380 chrome.exe into one of four child processes; the distinct (target PID, procid_target) pairs are:
- PID 3380 wrote to memory of 1996 (procid_target 27)
- PID 3380 wrote to memory of 1580 (procid_target 87)
- PID 3380 wrote to memory of 64 (procid_target 86)
- PID 3380 wrote to memory of 3008 (procid_target 88)
Processes
PID 3380: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://hogami.nid.io
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  Child processes of PID 3380:
  PID 1996: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb5d0f9758,0x7ffb5d0f9768,0x7ffb5d0f9778
  PID 64: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1824,i,9069224367715644797,2755102789036723111,131072 /prefetch:8
  PID 1580: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1824,i,9069224367715644797,2755102789036723111,131072 /prefetch:2
  PID 3008: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1824,i,9069224367715644797,2755102789036723111,131072 /prefetch:8
  PID 3756: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1824,i,9069224367715644797,2755102789036723111,131072 /prefetch:1
  PID 2368: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1824,i,9069224367715644797,2755102789036723111,131072 /prefetch:1
  PID 3020: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4148 --field-trial-handle=1824,i,9069224367715644797,2755102789036723111,131072 /prefetch:1
  PID 4648: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4332 --field-trial-handle=1824,i,9069224367715644797,2755102789036723111,131072 /prefetch:1
  PID 3816: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1824,i,9069224367715644797,2755102789036723111,131072 /prefetch:8
  PID 4800: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 --field-trial-handle=1824,i,9069224367715644797,2755102789036723111,131072 /prefetch:8
  PID 1344: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4728 --field-trial-handle=1824,i,9069224367715644797,2755102789036723111,131072 /prefetch:1
  PID 3196: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5180 --field-trial-handle=1824,i,9069224367715644797,2755102789036723111,131072 /prefetch:1
  PID 4724: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1824,i,9069224367715644797,2755102789036723111,131072 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
PID 1652: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads