Analysis
  max time kernel    118s
  max time network   136s
  platform           windows10-1703_x64
  resource           win10-20231215-en
  resource tags      arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
  submitted          20/12/2023, 06:46
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample:   https://emltrk.mpi.org/NzkxLVpOTi00NzEAAAGQIO7Qx5mMPEMJX7keY7lJGHhjTEg8WUGiHAMr9ObFXwJpGi1fx-bEZnIzOXB2V25mhPkVJVY=
  Resource: win10-20231215-en
General
  Target:         https://emltrk.mpi.org/NzkxLVpOTi00NzEAAAGQIO7Qx5mMPEMJX7keY7lJGHhjTEg8WUGiHAMr9ObFXwJpGi1fx-bEZnIzOXB2V25mhPkVJVY=
  Malware Config: none
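The only thing the submitted target carries is an opaque path token, and its '-' and trailing '=' mark it as base64url rather than a crafted path. The following Python is an added example, not part of the tria.ge report, that decodes the token from the Target above and separates a leading printable run from the binary remainder. Calling that printable prefix an account-ID-like string is an assumption drawn from its NNN-XXX-NNN shape and the "emltrk" (email tracking) host; the report itself says nothing about the token's meaning.

```python
import base64
import string
from urllib.parse import urlsplit

# The Target URL from this report, copied from the page.
SAMPLE_URL = "https://emltrk.mpi.org/NzkxLVpOTi00NzEAAAGQIO7Qx5mMPEMJX7keY7lJGHhjTEg8WUGiHAMr9ObFXwJpGi1fx-bEZnIzOXB2V25mhPkVJVY="

# Byte values we treat as identifier material when splitting the decoded blob.
PRINTABLE = set((string.ascii_letters + string.digits + "-_.@:/").encode("ascii"))


def decode_tracking_token(url: str) -> dict:
    """Base64url-decode the path of a tracking link and split the result into a
    leading printable run (assumed to be an account-style identifier) and the
    opaque binary tail. Raises binascii.Error on a token that is not base64."""
    parts = urlsplit(url)
    token = parts.path.strip("/")
    # '-' in the token selects the URL-safe alphabet (RFC 4648 section 5).
    # Re-pad in case a mail client or log pipeline stripped the trailing '='.
    padded = token + "=" * (-len(token) % 4)
    raw = base64.urlsafe_b64decode(padded)

    end = 0
    while end < len(raw) and raw[end] in PRINTABLE:
        end += 1
    return {
        "host": parts.hostname,
        "token_chars": len(token),
        "decoded_bytes": len(raw),
        "printable_prefix": raw[:end].decode("ascii"),
        "opaque_tail_hex": raw[end:].hex(),
    }


if __name__ == "__main__":
    for key, value in decode_tracking_token(SAMPLE_URL).items():
        print(f"{key:17} {value}")
```

For this sample the 92-character token decodes to 68 bytes: the printable prefix "791-ZNN-471", a NUL, and 56 further bytes that do not decode as text. A second-stage check would be to fetch the URL with redirects disabled and record the Location header, which this report does not include.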
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description       ioc                                                                                                process
  Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                              chrome.exe
  Set value (int)   \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133475284446289262"   chrome.exe
  (S-1-5-19 is the LOCAL SERVICE account. The value is a Windows FILETIME, 100-ns ticks since 1601-01-01, which converts to about 2023-12-20 06:47 UTC, i.e. the time of this run.)

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   process
  164   chrome.exe   (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid   process
  164   chrome.exe   (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                          pid   process
  Token: SeShutdownPrivilege           164   chrome.exe
  Token: SeCreatePagefilePrivilege     164   chrome.exe
  (64 entries in total, alternating between the two privileges above, all from PID 164 chrome.exe)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   process
  164   chrome.exe   (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  164   chrome.exe   (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                      source pid / process   procid_target   entries
  PID 164 wrote to memory of 4580  164 chrome.exe          71              2
  PID 164 wrote to memory of 32    164 chrome.exe          73              repeated
  PID 164 wrote to memory of 4976  164 chrome.exe          75              2
  PID 164 wrote to memory of 1412  164 chrome.exe          74              repeated
  (64 entries in total; every target is one of the chrome.exe child processes listed under Processes below)
Processes

chrome.exe (PID 164), top level
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://emltrk.mpi.org/NzkxLVpOTi00NzEAAAGQIO7Qx5mMPEMJX7keY7lJGHhjTEg8WUGiHAMr9ObFXwJpGi1fx-bEZnIzOXB2V25mhPkVJVY=
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  chrome.exe (PID 4580), crashpad-handler
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbe0b69758,0x7ffbe0b69768,0x7ffbe0b69778

  chrome.exe (PID 32), gpu-process
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1644,i,6964662472821936357,10923953984139952549,131072 /prefetch:2

  chrome.exe (PID 1412), utility: storage.mojom.StorageService
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2024 --field-trial-handle=1644,i,6964662472821936357,10923953984139952549,131072 /prefetch:8

  chrome.exe (PID 4976), utility: network.mojom.NetworkService
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1644,i,6964662472821936357,10923953984139952549,131072 /prefetch:8

  chrome.exe (PID 5088), renderer (client id 5)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1644,i,6964662472821936357,10923953984139952549,131072 /prefetch:1

  chrome.exe (PID 2596), renderer (client id 6, first renderer process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1644,i,6964662472821936357,10923953984139952549,131072 /prefetch:1

  chrome.exe (PID 372), utility: chrome.mojom.ProcessorMetrics
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1644,i,6964662472821936357,10923953984139952549,131072 /prefetch:8

  chrome.exe (PID 912), renderer (client id 8)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4756 --field-trial-handle=1644,i,6964662472821936357,10923953984139952549,131072 /prefetch:1

  chrome.exe (PID 4988), utility: chrome.mojom.UtilWin
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1644,i,6964662472821936357,10923953984139952549,131072 /prefetch:8

elevation_service.exe (PID 2492), top level
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
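Every process in this tree is Chrome's own binary from the install directory launching its standard helper types (crashpad handler, GPU process, utility services, renderers), plus the elevation service from the versioned install directory. The signatures attached to PID 164 (writing to the memory of its own children, enabling SeShutdownPrivilege and SeCreatePagefilePrivilege, querying the shell tray window, blocking non-Microsoft binaries in child processes) are the browser's ordinary start-up, not something the submitted URL did. The Python below is an added example, not part of the tria.ge report, of the triage a reviewer would apply to such a process list: it reads (PID, command line) pairs constructed from the Processes section above (long switch values abridged), classifies each as the browser, a known helper type, or the elevation service, and flags any image outside the install directory or any isolation-weakening switch. The final entry, PID 9999, is a hypothetical rogue process added only to exercise the flagging path and does not appear on this page.

```python
import re
from dataclasses import dataclass, field

CHROME_DIR = r"c:\program files\google\chrome\application"
KNOWN_HELPER_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}
# Switches that weaken Chrome's own isolation. None appear on this page; a triage
# rule should call them out if they ever do.
RISKY_SWITCHES = ("--no-sandbox", "--disable-web-security", "--load-extension=",
                  "--remote-debugging-port=", "--headless")

# Constructed sample: (PID, command line) pairs from the Processes section of this
# report with long switch values abridged. PID 9999 is hypothetical (not on the page).
SAMPLE_PROCESSES = [
    (164, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --single-argument https://emltrk.mpi.org/NzkxLVpOTi00NzEAAAGQIO7Qx5mMPEMJX7keY7lJGHhjTEg8WUGiHAMr9ObFXwJpGi1fx-bEZnIzOXB2V25mhPkVJVY='),
    (4580, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --url=https://clients2.google.com/cr/report'),
    (32, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1644,i,6964662472821936357,10923953984139952549,131072 /prefetch:2'),
    (4976, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none --field-trial-handle=1644,i,6964662472821936357,10923953984139952549,131072 /prefetch:8'),
    (5088, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --renderer-client-id=5 --field-trial-handle=1644,i,6964662472821936357,10923953984139952549,131072 /prefetch:1'),
    (2492, r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'),
    (9999, r'"C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=renderer --no-sandbox'),  # hypothetical
]


@dataclass
class Verdict:
    pid: int
    image: str
    role: str                               # browser | helper:<type> | elevation_service | unknown
    flags: list = field(default_factory=list)


def parse_cmdline(cmdline: str):
    """Return (image path, list of switches); the image is the leading quoted token."""
    m = re.match(r'\s*"([^"]+)"\s*(.*)$', cmdline)
    if m:
        return m.group(1), m.group(2).split()
    head, _, rest = cmdline.strip().partition(" ")
    return head, rest.split()


def switch_value(args, name):
    """Value of a --name=value switch, or None if absent."""
    for a in args:
        if a.startswith(name + "="):
            return a[len(name) + 1:]
    return None


def triage_process(pid: int, cmdline: str) -> Verdict:
    image, args = parse_cmdline(cmdline)
    low = image.lower()
    v = Verdict(pid, image, "unknown")
    if not low.startswith(CHROME_DIR + "\\"):
        v.flags.append("image outside the Chrome install directory")
    for s in RISKY_SWITCHES:
        if any(a.startswith(s) for a in args):
            v.flags.append(f"isolation-weakening switch {s}")
    ptype = switch_value(args, "--type")
    if low.endswith("\\elevation_service.exe"):
        v.role = "elevation_service"
    elif ptype is None:
        v.role = "browser"                  # no --type means the top-level browser process
    elif ptype in KNOWN_HELPER_TYPES:
        v.role = f"helper:{ptype}"
    else:
        v.flags.append(f"unrecognised --type={ptype}")
    return v


def summarize(processes):
    """Classify every process and pull the submitted target out of the browser's
    --single-argument; returns roles per PID and the PIDs that need a second look."""
    verdicts = [triage_process(pid, cmd) for pid, cmd in processes]
    target = None
    for (pid, cmd), v in zip(processes, verdicts):
        args = parse_cmdline(cmd)[1]
        if v.role == "browser" and "--single-argument" in args:
            target = args[args.index("--single-argument") + 1]
    return {
        "target": target,
        "roles": {v.pid: v.role for v in verdicts},
        "flagged": {v.pid: v.flags for v in verdicts if v.flags},
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_PROCESSES)
    print("target:", result["target"])
    for pid, role in result["roles"].items():
        print(f"{pid:>5}  {role:24} {'; '.join(result['flagged'].get(pid, []))}")
```

Run against the page's own processes only, nothing is flagged and the target is the emltrk.mpi.org URL; the hypothetical PID 9999 is flagged twice (wrong directory, --no-sandbox). The network service running with --service-sandbox-type=none, as on this page, is how Chrome 106 launches it on Windows and is not treated as a finding here.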
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1 (96B)
  MD5     8e225170d5fb6cddac3af3817b42fe33
  SHA1    a549b04d7b6c8893189056634b9979701041af2b
  SHA256  0c6fa884e45251969ca036f35a8ddc189735b63fb900115e382dd078ecf694d8
  SHA512  ec821bf47b9fbad406be18530702f37f7e2060ddd71fbe6f57ee477c55e47a6bd3245707fff36fbb0430613dad91937bd932174190c08b78b5a9af65296618a0

File 2 (2KB)
  MD5     b2e6b9aa24090e13f2e1da2b829cfd15
  SHA1    cbe27a689bdc6dffb11eea66f7ea2dbd74f0a530
  SHA256  8ba617f9fffa612531f1b3edac983fba2ce04dba0e59e87c4b91886463c7177b
  SHA512  e2529cc9d40d6d356c80c156948bcd92cdfe7965d8ec06a4d8cfd3225144a28946c0a7b32b2e5b459fde7535a32980e5737a3e27e63698ecd330ca2257f471aa

File 3 (706B)
  MD5     cbe02218521f4c5ecc66d462e3497764
  SHA1    a142ce08ac48b297a97ce0303c786514ed9a5992
  SHA256  d1547da0eba37acaa7abc9f951606a2fdeeed0ce9814f30aca228822f04c730d
  SHA512  9d023f5479e96ef6751008c8dc301ed7f8727ea2a95d14a4f138336d71eee8aaae5da5b6d1c599682352e4fb533ae531fc0a3b5aa31aa944f0d2f75554c80835

File 4 (5KB)
  MD5     59a004e5a6f6898133d44399518518f7
  SHA1    a1a68ae41c6f4cce01e2f8b226a1f3d31ac18735
  SHA256  507d6fc28fae5d60fbcc52f7c95fc87cfd4d249520e4931cf27d32e62817e3b3
  SHA512  2110bccb05ad6d0613b3d706072be4ff6229cb45781093c003c6efc9414092ae53d927583eea7aa3d4310763f975ca0e9f3f73d137bbf54daa629b074653439a

File 5 (6KB)
  MD5     9a96c57699118f3c7ac7e1cd2fdab0d6
  SHA1    e5f78bc1b6253833644f8e6587bc36f6bf4c62c1
  SHA256  56f56afd8511faaef416f4cbb608264307d2ec7066b7bf62e274ead679b3e471
  SHA512  f737bd9d15becad544d9e93f1ef1e64940a77b940ed82a24b42768ca6541093d9b4f280589f9f299d469247fe974e35d68cdb03ab4de52b918498dd1cae567e2

File 6 (6KB)
  MD5     e746f43d0b1f39c52e2a7535f4dda64b
  SHA1    bb44af24eabb57f02761e74563d71de89f6d5d1f
  SHA256  6e20906cef17bba0dfb55afd7706bbb45bd6133e8b8c25bce76afddfdccbd503
  SHA512  b405d57b13856c9c4518c16a432c5b4e2de7bb22a51e73d01c08aada6d14fd72c282c8fd94b66e263c872dd1f4b926ed8a63fb39188cd3c2fe1546cdc735a439

File 7 (114KB)
  MD5     73df5852eb00fe841d6ab0188c96bdb2
  SHA1    8a2e7a6ea813f707d5f3c3706245100afb722c1c
  SHA256  fa5deec82bf0519511b436cfdd2cadbfea10bc6d9d525c6104eb16f7c7418b6a
  SHA512  8fa317045255539949886bb4ba7bb2c2f6f022652a000e6723d5d26db9d99940c031d2ff6dba46c058757c3259f2847f253a06a088bc07dee46de607502d4a56

File 8 (2B)
  MD5     99914b932bd37a50b983c5e7c90ae93b
  SHA1    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
  (These are the digests of the two-byte string "{}", an empty JSON object; the other entries are unnamed browser profile artifacts and the report does not say which is which.)