Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 62s
max time network: 138s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 05/01/2024, 16:14
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://ns.useplus.org/ldf/xmp/1.0/
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: http://ns.useplus.org/ldf/xmp/1.0/
  Resource: win10v2004-20231215-en
General
Target: http://ns.useplus.org/ldf/xmp/1.0/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                  | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid  | Process
  3032 | chrome.exe
  3032 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                | pid  | Process
  Token: SeShutdownPrivilege | 3032 | chrome.exe
  (this row is repeated for every one of the 64 IoCs; all entries are identical)

Suspicious use of FindShellTrayWindow (34 IoCs)
  pid  | Process
  3032 | chrome.exe
  (this row is repeated for every one of the 34 IoCs; all entries are identical)

Suspicious use of SendNotifyMessage (32 IoCs)
  pid  | Process
  3032 | chrome.exe
  (this row is repeated for every one of the 32 IoCs; all entries are identical)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       | pid  | Process    | procid_target
  PID 3032 wrote to memory of 816   | 3032 | chrome.exe | 28
  PID 3032 wrote to memory of 2728  | 3032 | chrome.exe | 30
  PID 3032 wrote to memory of 2592  | 3032 | chrome.exe | 31
  PID 3032 wrote to memory of 1144  | 3032 | chrome.exe | 32
  (distinct rows only; the rows for targets 816 and 2592 each appear 3 times, the rows for targets 2728 and 1144 are repeated many times, 64 IoCs in total)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://ns.useplus.org/ldf/xmp/1.0/
  PID: 3032
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70f9758,0x7fef70f9768,0x7fef70f9778
      PID: 816
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1356,i,16621700477907619220,6232104694284748870,131072 /prefetch:2
      PID: 2728
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1356,i,16621700477907619220,6232104694284748870,131072 /prefetch:8
      PID: 2592
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1524 --field-trial-handle=1356,i,16621700477907619220,6232104694284748870,131072 /prefetch:8
      PID: 1144
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1356,i,16621700477907619220,6232104694284748870,131072 /prefetch:1
      PID: 2140
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1356,i,16621700477907619220,6232104694284748870,131072 /prefetch:1
      PID: 1812
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1380 --field-trial-handle=1356,i,16621700477907619220,6232104694284748870,131072 /prefetch:2
      PID: 1620
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3004 --field-trial-handle=1356,i,16621700477907619220,6232104694284748870,131072 /prefetch:8
      PID: 2052
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 2880
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 209KB
MD5: ecf27c392af2b1afa27cc037e3abd641
SHA1: d57dab7a47afe86124401887e58e3a0f7f030e0a
SHA256: 215dfeaae9afaf919131a38aae303ce5936ef1b9f1ed3a4bac3a23f7c94c33a2
SHA512: 8d7a0a90a3cbb1bebdccc6fe7ef75a3f391b2580428638ad11c298f4766f9bf27f3f3c4f789082e43ea7caa93d2713375cd2cd3057c40b66ce8380dfa2a155b2

Filesize: 4KB
MD5: cff7a3a43cd553e144234efe78870d26
SHA1: e44f99a13cc55dd04c432790c96aed15c04dcf81
SHA256: 4e898addb3120f9b925957c84b1cf4917df60a81df5815197b1469c4cd79a999
SHA512: d60d1d85abcf2b241765217c7cf2b4c1ee577a505ac514f26af84d1e16d608e6d3cf2efe87a84d886584aa76a04a5e37b896a7a5cf0d461b7860503bbc0895bd

Filesize: 4KB
MD5: e192737bfcd5f06d6ecf90430f0ec903
SHA1: c1ec47cbd6ccf5c3a53119b382c741290b146528
SHA256: cb394b68ae2bfd86b98d67384efba0a938ba4e080f42b55f7775a14ba9be88cf
SHA512: 8c98e33d73682df6a20feecec84f83b7a52f6a63b873645e3a2408a9e33301bd6e5ad981901ae85d6e726eb9904138d5eb6b085d5c9d2707a1a973fb5da76548

Filesize: 16B
MD5: 18e723571b00fb1694a3bad6c78e4054
SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2