Resubmissions

  Submitted           Analysis ID          Score
  10/01/2024, 13:55   240110-q8lzqsgfgk    1
  10/01/2024, 13:55   240110-q74hdsgffl    1
  05/12/2023, 14:24   231205-rq4bqsbh77    7
  05/12/2023, 14:23   231205-rqbxgsbe6w    1
  05/12/2023, 14:10   231205-rgypwsbd71    1
  05/12/2023, 13:54   231205-q7rtlabd2y    8
  14/11/2023, 14:09   231114-rgcgnacg7s    6

Analysis
  max time kernel:   1844s
  max time network:  1742s
  platform:          windows10-2004_x64
  resource:          win10v2004-20231215-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         10/01/2024, 13:55
Static task
  static1

Behavioral task
  behavioral1
  Sample:    .html
  Resource:  win7-20231215-en

Behavioral task
  behavioral2
  Sample:    .html
  Resource:  win10v2004-20231215-en

Behavioral task
  behavioral3
  Sample:    .html
  Resource:  macos-20231201-en
General

  Target:  .html
  Size:    14KB
  MD5:     cf9283c6d5b9f12e3834dc202b82fa67
  SHA1:    b49cf7a36baadab49b38b16b60e82805a62684cc
  SHA256:  8b5a76c03b0494601a599296a59cefdcaa9168527328edcefbcdef703c4e3d0b
  SHA512:  c4cb83f0e0a261df41ef046799073750c92e2d368c4b29151ebc4c78d83a1dd32e84ddbf35df931861e0ff1f5e4b7a4f5e9871fc121bf3c24653f1d0bb8f82f4
  SSDEEP:  384:rXvNgIfDpmRgVoOsKHElKeGMDU8Hhhb0vmx28cSz:r/5fVoOsKkI1M7Bhb6mdB
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                  process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description       ioc                                                                                                         process
  Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                       chrome.exe
  Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133493688841843569"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid    process
  4340   chrome.exe
  4340   chrome.exe
  4224   chrome.exe
  4224   chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid    process
  4340   chrome.exe
  4340   chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  The 64 rows alternate between the following two entries, all for the same process:
  description                         pid    process
  Token: SeShutdownPrivilege          4340   chrome.exe
  Token: SeCreatePagefilePrivilege    4340   chrome.exe

Suspicious use of FindShellTrayWindow (26 IoCs)
  All 26 rows are identical:
  pid    process
  4340   chrome.exe

Suspicious use of SendNotifyMessage (24 IoCs)
  All 24 rows are identical:
  pid    process
  4340   chrome.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  Distinct rows (the original listing repeats each row; 3044 and 4716 appear twice, 4228 and 1128 many times):
  description                        pid    process      procid_target
  PID 4340 wrote to memory of 3044   4340   chrome.exe   87
  PID 4340 wrote to memory of 4228   4340   chrome.exe   89
  PID 4340 wrote to memory of 4716   4340   chrome.exe   90
  PID 4340 wrote to memory of 1128   4340   chrome.exe   91
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4340)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
  Signatures:
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3044), child process
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d3079758,0x7ff9d3079768,0x7ff9d3079778

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4228), child process
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1864,i,4285956728644209781,3128171495733778664,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4716), child process
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1864,i,4285956728644209781,3128171495733778664,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1128), child process
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1864,i,4285956728644209781,3128171495733778664,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4860), child process
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1864,i,4285956728644209781,3128171495733778664,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4516), child process
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1864,i,4285956728644209781,3128171495733778664,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 456), child process
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1864,i,4285956728644209781,3128171495733778664,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2716), child process
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3752 --field-trial-handle=1864,i,4285956728644209781,3128171495733778664,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4224), child process
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 --field-trial-handle=1864,i,4285956728644209781,3128171495733778664,131072 /prefetch:2
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1916)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1 (Filesize: 1KB)
  MD5:     7eca8db9fb4acd87d738b409bd0d118d
  SHA1:    35a133abb8419484d9b565714bccc1343c97915e
  SHA256:  e547ff71d929721066e70e78320ed35232a462d155da6f16eab1571648d0f4c9
  SHA512:  957e52179b5447ff422676e4b2fd77f1716a623e7c79b0c60477c7bb57435c4d07278014a5046530136ab6ed69e44d4e984a23fc403bdcf8368975f528856ee4

File 2 (Filesize: 6KB)
  MD5:     fa92b45e1cc2f880743ce1832e71ecaa
  SHA1:    c28a2577a19b549483a2d7af897e22afec775290
  SHA256:  535fac6b8e86082cb56e2275db11b20bbcbe3157f72afdecb88f41a7e39134cf
  SHA512:  1e19334660db6a734485f637a4c55da6d2afeb51c848454c47990fb470f3544eb0d504cd6155fbc7dd74276ed5ab1742037d0852f0cfa12106c6fd9991b4e942

File 3 (Filesize: 6KB)
  MD5:     8c15c5e3494baff358d58ee3da0eab21
  SHA1:    27dfd65f2297c0606893bd8c1153768401b1d160
  SHA256:  2fba490b31ebb590cebdfcc070a3ef7320c8743db3e55a245018b457083bc926
  SHA512:  9cf716021697ea8577b1d2549126e4e26bd3d3f054d5656713c12e015d28f589d310f9eb569163dced85dad060f0aa9af09875282dec1f11cfb37ceffd1cd072

File 4 (Filesize: 114KB)
  MD5:     d46d68a632a01f35b2cc41b6c27723ef
  SHA1:    9022ff13ccd55706556f5216f6d83bbd9d13feb2
  SHA256:  7c1fa86762730f437e0062a37fbcfb16f9e9baeb8a449af419259e38d48607e3
  SHA512:  afc3023d4147e542259950993003ade9641f5dc09cf2d8109cf26b750058558f778c5997aae937de2412fe8418fa8ccd540d5ea9d18af5e41b63ce3f5fadae95

File 5 (Filesize: 2B)
  MD5:     99914b932bd37a50b983c5e7c90ae93b
  SHA1:    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256:  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512:  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd