Analysis

max time kernel:   160s
max time network:  168s
platform:          windows10-2004_x64
resource:          win10v2004-20231215-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted:         05/01/2024, 23:10

Static task:       static1
URLScan task:      urlscan1
Behavioral task:   behavioral1
Sample:            https://storage.googleapis.com/ouihruvrgrff/ouihruvrgrff/unsub.html
Resource:          win10v2004-20231215-en

General

Target: https://storage.googleapis.com/ouihruvrgrff/ouihruvrgrff/unsub.html
Malware Config

(no configuration extracted)

Signatures

Every signature below fires on chrome.exe (PID 2716) or one of its child processes, i.e. the browser the sandbox itself launched to open the target URL; no process outside the Chrome process tree appears in any IoC, and no IoC references the URL's content directly.
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                        process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133489698739200672"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   process
  2716  chrome.exe  (2 hits)
  4852  chrome.exe  (2 hits)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   process
  2716  chrome.exe  (2 hits)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   process
  Token: SeShutdownPrivilege        2716  chrome.exe
  Token: SeCreatePagefilePrivilege  2716  chrome.exe
  (these two entries alternate through all 64 IoCs; every hit is PID 2716)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   process
  2716  chrome.exe  (all 26 hits)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  2716  chrome.exe  (all 24 hits)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   process     procid_target
  PID 2716 wrote to memory of 4912   2716  chrome.exe  89  (2 hits)
  PID 2716 wrote to memory of 3184   2716  chrome.exe  92  (repeated)
  PID 2716 wrote to memory of 4080   2716  chrome.exe  94  (2 hits)
  PID 2716 wrote to memory of 2240   2716  chrome.exe  93  (repeated)
  (64 IoCs in total; every write is by PID 2716 into one of its own chrome.exe children: the crashpad handler, the first GPU process, the network service and the storage service)
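The WriteProcessMemory hits are the raw material for the one question that matters on a browser-launched URL: did the parent ever write into a process outside the Chrome tree? The Python below is an added example, not part of the tria.ge report or its tooling. It parses the IoC text in the flattened form the page prints it, collapses repeats, and checks each target PID against a PID-to-image map transcribed from the Processes section of this report. Only a handful of the 64 entries are included as constructed input; the helper names and the "same image as the writer" heuristic are this example's own assumptions.

```python
"""Parse tria.ge 'Suspicious use of WriteProcessMemory' IoC text into
writer -> target edges and check every target against the process list.
Added example for this report; not tria.ge code."""
import re
from collections import Counter

# Constructed input: a subset of the 64 IoC entries, in the flattened form the
# report uses ("PID <writer> wrote to memory of <target> <writer> <image> <procid_target>").
WPM_IOCS = (
    "PID 2716 wrote to memory of 4912 2716 chrome.exe 89 "
    "PID 2716 wrote to memory of 4912 2716 chrome.exe 89 "
    "PID 2716 wrote to memory of 3184 2716 chrome.exe 92 "
    "PID 2716 wrote to memory of 3184 2716 chrome.exe 92 "
    "PID 2716 wrote to memory of 4080 2716 chrome.exe 94 "
    "PID 2716 wrote to memory of 2240 2716 chrome.exe 93 "
)

# PID -> image name, transcribed from the Processes section of the report.
PROCESSES = {
    2716: "chrome.exe", 4912: "chrome.exe", 3184: "chrome.exe", 2240: "chrome.exe",
    4080: "chrome.exe", 4868: "chrome.exe", 1944: "chrome.exe", 1876: "chrome.exe",
    3584: "chrome.exe", 4852: "chrome.exe", 3096: "elevation_service.exe",
}

ENTRY = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_edges(text):
    """Return [(writer_pid, target_pid, writer_image, procid_target), ...]."""
    edges = []
    for m in ENTRY.finditer(text):
        writer, target, writer_again, image, procid = m.groups()
        # The writer PID is printed twice per entry; treat a mismatch as a
        # parse error rather than silently trusting either copy.
        if writer != writer_again:
            raise ValueError(f"inconsistent writer pid in entry: {m.group(0)!r}")
        edges.append((int(writer), int(target), image, int(procid)))
    return edges


def summarize(edges):
    """Collapse repeated writes into {(writer_pid, target_pid): count}."""
    return Counter((w, t) for w, t, _, _ in edges)


def unexpected_writes(edges, processes):
    """Writes whose target is unknown or runs a different image than the writer.

    A Chrome broker writing into freshly spawned chrome.exe children is how
    Chromium's sandbox hands policy to each child, so same-image writes are
    expected in a browser run; anything else deserves a manual look.
    """
    flagged = []
    for w, t, image, _ in edges:
        target_image = processes.get(t)  # None when the PID is not in the process list
        if target_image != image:
            flagged.append((w, t, image, target_image))
    return flagged


if __name__ == "__main__":
    edges = parse_edges(WPM_IOCS)
    for (w, t), n in sorted(summarize(edges).items()):
        print(f"{w} -> {t}: {n} write(s)")
    print("unexpected:", unexpected_writes(edges, PROCESSES))
```

Run against the full 64-entry listing, `unexpected_writes` stays empty for this report; a write into PID 3096 (elevation_service.exe) or into a PID absent from the process list would be flagged.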
Processes

chrome.exe (PID 2716)
  image: C:\Program Files\Google\Chrome\Application\chrome.exe
  command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://storage.googleapis.com/ouihruvrgrff/ouihruvrgrff/unsub.html
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Children of PID 2716 (all the same chrome.exe image):

  chrome.exe (PID 4912), crashpad handler
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc499a9758,0x7ffc499a9768,0x7ffc499a9778

  chrome.exe (PID 3184), GPU process
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1884,i,16299975537330786207,6090828288414916228,131072 /prefetch:2

  chrome.exe (PID 2240), utility: storage.mojom.StorageService (service-sandbox-type=utility)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1884,i,16299975537330786207,6090828288414916228,131072 /prefetch:8

  chrome.exe (PID 4080), utility: network.mojom.NetworkService (service-sandbox-type=none)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1884,i,16299975537330786207,6090828288414916228,131072 /prefetch:8

  chrome.exe (PID 4868), renderer (renderer-client-id=5)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1884,i,16299975537330786207,6090828288414916228,131072 /prefetch:1

  chrome.exe (PID 1944), renderer (first renderer process, renderer-client-id=6)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1884,i,16299975537330786207,6090828288414916228,131072 /prefetch:1

  chrome.exe (PID 1876), utility: chrome.mojom.ProcessorMetrics (service-sandbox-type=none)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1884,i,16299975537330786207,6090828288414916228,131072 /prefetch:8

  chrome.exe (PID 3584), utility: chrome.mojom.UtilWin (service-sandbox-type=none)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1884,i,16299975537330786207,6090828288414916228,131072 /prefetch:8

  chrome.exe (PID 4852), second GPU process, started with --disable-gpu-sandbox --use-gl=disabled
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 --field-trial-handle=1884,i,16299975537330786207,6090828288414916228,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

elevation_service.exe (PID 3096), top-level process with no signature hits
  image: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

The report records seven files by size and digest only; no file names or paths are given.

File 1
  Filesize: 1KB
  MD5:      8f9ac34e7fe3db89f5c30619613a9a62
  SHA1:     4ae9728913bda14fc10d9e5704a77c072c7292d8
  SHA256:   5757019669b54e52b56930b0b210b9e89d9a0987a677229e764419ba105c497e
  SHA512:   edb0b0857f901772efd127ed58442756743a8626712bff5c88b93809defd2597b589feb6bda390167c18e5befb1b4b7efd6bbb3b2884f448d802369553daa7ea

File 2
  Filesize: 1KB
  MD5:      b3b4ac90c7e6fa9969f1ac67b2b7b850
  SHA1:     72f22adabe7a23f0fa35fc9361fd42900d383bc1
  SHA256:   d24237230d4aafd329e99346618fc5abe10ef0aa9b6a5f841f3e7b2b0b957e7d
  SHA512:   0651fadd873ea7455a0280503878bdd399835f5c646e666cc0a32aa508e51cddf3b9a2c6cee752885c31195fb0ac0053552ea35d796f811ea2e13b96364d38bb

File 3
  Filesize: 6KB
  MD5:      d750d251a55f1b1c92f8b01659d38f82
  SHA1:     5a3e8400bf2199982c161d4e55afa84e46f83544
  SHA256:   b0cb4fa3824fa9938d7a7650f6413c0d23dc1fb583bc8ce65835ee483475cfb8
  SHA512:   db56f0ce1d5343bd8543bca8c9ded730076c63492e7deb9cbaf11c90d003ecb59734bac2f682b42fca79528757656ce7e9c4ed91fa32f0f6d72af25624bcc35d

File 4
  Filesize: 5KB
  MD5:      05d0ca1f06815b1f616cf3e1baccbb0a
  SHA1:     437cdba7b8f71408179be0b6c121da04fad62e51
  SHA256:   e55f38776dbd1d434c6f129b782b5f1e6e91db93460479b7dc3f48bd9566f579
  SHA512:   819a2dd0d187bcd8f11c4b2e7e097465d5c44d921994c3615059d78c791c6f094d7023ebe4ac0608cbcbe5ff539093a0a854741d4c22c056e79c78c4f6031a00

File 5
  Filesize: 5KB
  MD5:      4405a539b7290e8f351e1d536193b725
  SHA1:     729e964e8e0bd690b57079f3c9367abd2506e78b
  SHA256:   c90c2a30d02c5ed5a682e41bd63c0f8f6d4a91ed435f0b13ff73025c61d9a092
  SHA512:   b5460995751a220a8527accca1f2517f12b542eb90d8b516e12da9a997acdf490504f42ad678c45fe90dac73a32577d22dfad2e88c139c5261e8eaa39a8cba37

File 6
  Filesize: 114KB
  MD5:      00a0362f2cbcac5ee60481930b0cb290
  SHA1:     e3e0fb77ab153cad32925e0aeb1926911a56f58e
  SHA256:   795104ca98ed0d91037ecc9de9733196e195434cdf27511806746298867ba058
  SHA512:   7fc31863f8d83b1bba704dfe6dad974764b564f17ef4c15f68c3153189ea43af8efa5ece200e5a1640d008d95c9ce65c131214319839f6c4f05efeb911373029

File 7
  Filesize: 2B
  MD5:      99914b932bd37a50b983c5e7c90ae93b
  SHA1:     bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256:   44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512:   27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
  These four digests are those of the two-byte string {} (an empty JSON object), so this entry carries no content worth pivoting on.
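The Downloads listing above fuses each digest label onto its hex string, which makes it easy to misread SHA512 as SHA1 or to drop characters when copying hashes into a lookup. The Python below is an added example, not tria.ge code: it parses that flattened layout, validates each digest's length for its algorithm, and compares every entry against digests of trivial contents computed on the fly, which is how the 2-byte entry resolves to the empty JSON object {}. The two entries in the constructed input are transcribed from this report; the KNOWN_CONTENT table is this example's own choice of what is worth ruling out.

```python
"""Parse the flattened tria.ge 'Downloads' digest listing and match entries
against digests of trivial contents. Added example for this report; not tria.ge code."""
import hashlib
import re

# Constructed input, transcribed from the Downloads section above in the exact
# flattened layout the page uses (label fused to the hex digest, '-' as separator).
DOWNLOADS_TEXT = """\
Filesize
114KB
MD500a0362f2cbcac5ee60481930b0cb290
SHA1e3e0fb77ab153cad32925e0aeb1926911a56f58e
SHA256795104ca98ed0d91037ecc9de9733196e195434cdf27511806746298867ba058
SHA5127fc31863f8d83b1bba704dfe6dad974764b564f17ef4c15f68c3153189ea43af8efa5ece200e5a1640d008d95c9ce65c131214319839f6c4f05efeb911373029
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
"""

DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Longest label first so "SHA512..." is never read as "SHA1" followed by "2...".
LABEL = re.compile(r"^(SHA512|SHA256|SHA1|MD5)([0-9a-fA-F]+)$")

# Contents that show up as tiny "downloads" in browser runs without being
# payloads. This table is an assumption of the example; extend it as needed.
KNOWN_CONTENT = {"empty JSON object": b"{}", "empty file": b""}


def parse_downloads(text):
    """Return a list of dicts {size, md5, sha1, sha256, sha512} in page order."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Filesize":          # each entry starts with this label
            cur = {}
            entries.append(cur)
            continue
        if cur is None or not line or line == "-":
            continue                    # separators and anything before the first entry
        if "size" not in cur:
            cur["size"] = line          # the line right after 'Filesize'
            continue
        m = LABEL.match(line)
        if not m:
            raise ValueError(f"unrecognised line in download entry: {line!r}")
        algo, hexdigest = m.group(1).lower(), m.group(2).lower()
        if len(hexdigest) != DIGEST_LEN[algo]:
            raise ValueError(f"{algo} digest has {len(hexdigest)} hex chars, expected {DIGEST_LEN[algo]}")
        cur[algo] = hexdigest
    return entries


def digests(data):
    """All four digests of a byte string, keyed like DIGEST_LEN."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in DIGEST_LEN}


def identify_known(entry):
    """Label of a KNOWN_CONTENT item whose digests match every digest the entry
    records, or None. At least one recorded digest is required so that an
    entry with no hashes can never match anything."""
    recorded = [algo for algo in DIGEST_LEN if algo in entry]
    if not recorded:
        return None
    for label, data in KNOWN_CONTENT.items():
        expected = digests(data)
        if all(entry[algo] == expected[algo] for algo in recorded):
            return label
    return None


if __name__ == "__main__":
    for i, entry in enumerate(parse_downloads(DOWNLOADS_TEXT), 1):
        print(i, entry["size"], entry["sha256"], identify_known(entry) or "no match")
```

Because `identify_known` recomputes the digests from the candidate bytes, a typo in a copied hash fails to match rather than silently passing; the length check in `parse_downloads` catches the more common copy error of a digest truncated mid-string.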