Analysis
max time kernel: 149s
max time network: 146s
platform: windows10-1703_x64
resource: win10-20231215-en
resource tags: arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
submitted: 18/01/2024, 11:15
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fon.alz.to%2fsite%2fR%3fi%3d9fbRRffWWnP6L9%2dYsaZpr6W7jnBgYYX7ewPilG1fi8U7GlJqmFTpSw&umid=26147449-e004-46f1-8354-d8de42f8e460&auth=22703eca72d2c61a5658601e78d3fe1b18a78c37-05196a59c9ee8c04258268d12fc8561fc49efc65
Resource: win10-20231215-en
General
Target: https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fon.alz.to%2fsite%2fR%3fi%3d9fbRRffWWnP6L9%2dYsaZpr6W7jnBgYYX7ewPilG1fi8U7GlJqmFTpSw&umid=26147449-e004-46f1-8354-d8de42f8e460&auth=22703eca72d2c61a5658601e78d3fe1b18a78c37-05196a59c9ee8c04258268d12fc8561fc49efc65
Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133500501164108968" | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
3964 | chrome.exe (2 entries)
4956 | chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
3964 | chrome.exe (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 3964 | chrome.exe (32 entries, alternating with the row below)
Token: SeCreatePagefilePrivilege | 3964 | chrome.exe (32 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
3964 | chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3964 | chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3964 wrote to memory of 2792 | 3964 | chrome.exe | 46 (2 entries)
PID 3964 wrote to memory of 880 | 3964 | chrome.exe | 79 (repeated entries)
PID 3964 wrote to memory of 1420 | 3964 | chrome.exe | 76 (2 entries)
PID 3964 wrote to memory of 4408 | 3964 | chrome.exe | 75 (repeated entries)
Processes

Depth 1: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fon.alz.to%2fsite%2fR%3fi%3d9fbRRffWWnP6L9%2dYsaZpr6W7jnBgYYX7ewPilG1fi8U7GlJqmFTpSw&umid=26147449-e004-46f1-8354-d8de42f8e460&auth=22703eca72d2c61a5658601e78d3fe1b18a78c37-05196a59c9ee8c04258268d12fc8561fc49efc65
  PID: 3964
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Depth 2: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffce8539758,0x7ffce8539768,0x7ffce8539778
    PID: 2792

  Depth 2: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2004 --field-trial-handle=1840,i,16112409544528817948,7956569089390408461,131072 /prefetch:8
    PID: 4408

  Depth 2: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1840,i,16112409544528817948,7956569089390408461,131072 /prefetch:8
    PID: 1420

  Depth 2: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1840,i,16112409544528817948,7956569089390408461,131072 /prefetch:1
    PID: 3004

  Depth 2: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1840,i,16112409544528817948,7956569089390408461,131072 /prefetch:1
    PID: 1780

  Depth 2: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1840,i,16112409544528817948,7956569089390408461,131072 /prefetch:2
    PID: 880

  Depth 2: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4128 --field-trial-handle=1840,i,16112409544528817948,7956569089390408461,131072 /prefetch:8
    PID: 5060

  Depth 2: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 --field-trial-handle=1840,i,16112409544528817948,7956569089390408461,131072 /prefetch:8
    PID: 3916

  Depth 2: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5096 --field-trial-handle=1840,i,16112409544528817948,7956569089390408461,131072 /prefetch:1
    PID: 4076

  Depth 2: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 --field-trial-handle=1840,i,16112409544528817948,7956569089390408461,131072 /prefetch:2
    PID: 4956
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

Depth 1: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 4344
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 452KB
MD5: 17f1749d91527d0510e300f182b436f7
SHA1: 8978a6d55566b43cb3418a23fe0d1f0abd305061
SHA256: daa44fbfbefd783d194a2f2884b0584bd4b2d83e2702b49a719910451c2e5c78
SHA512: 6a2f84c667777ded6eff0d18e549db2e98439a1093f2a18bfd8404fb0ffd812db0959a6b95b486452d5fc68bccc35cdba94f83dd3b786076ddbbce077cf8f4e4

Filesize: 552B
MD5: fd03b6a527af343b236af5c95ba64b25
SHA1: 96c02121572c03adbf5d500175296a7d894d5e42
SHA256: 94474807c8be2ea197d8cddba20b8a5a5c29e2d9c65518c226d255cc2c8e10a6
SHA512: cebf2609743958f39593a0fa40f4f511e5e7e3a016002936a64e81750e68e03a6d7a302f0fd8b7315a085355d674783ff6de6ce3746ef25ea341aa830b4994b7

Filesize: 1KB
MD5: b1889ee042787197d86fb4eada235ae4
SHA1: ca7c6ca21c302b1b409895be40286555a6d6c6ce
SHA256: 160be05f11c948770f05d79d86339c5ab2d0c76728e2849b0d5657eb90a9ef10
SHA512: f1aa7e2cd62dff14c3b76a9981a4daa5aec69fae707b832cb4de2f03d8cbe944b85d149367d1bdfbf441cf5a0631e082e7d3d7780ae70bdaa448ab0cb1596020

Filesize: 706B
MD5: 7cdebd917c62c3180bd1a3856d18b54a
SHA1: 45aef4a1f040753e48c05d2db60f5d6de55c83d3
SHA256: d5580dcf8ff6ee9fb78d1f43c1289c44098bd61aa40ecba65f1f3714b6df5b79
SHA512: 848f5301c437fb4b06e3e7deacee5f25a13777065d7960b9028beb37e728a8ceee19264a2977812db3f8c3ea3c10d7fc4f78ffa515ac0e30ebef7244f546cc90

Filesize: 6KB
MD5: 93d85f91e62f4b19a6910223d0e0e030
SHA1: ad54d50a5e2800019dee0b14d16c9cd48b3119da
SHA256: 473a9b5164b2ccc02da0d4efa4feb2215799a7429bf46dd509868fd939f06ea5
SHA512: 446ad83330cabc4db7a059ee03538033ff2d754e10b8cf8958b2c8936da51bf224bcbc92b69e86561ced747c3e8b47cbae46ee5a1e4050c1ca59685a847d7540

Filesize: 6KB
MD5: 6f9a99b1bb66e68373d54ef0059c000b
SHA1: 165db4e34c0210b272620c904339270cedcc2090
SHA256: 4ef42f54ed311f8cf9acdc3a6f83315f393cc2960acd56897399220eb39c1624
SHA512: 3063c8a20f8d64e1d2cdff296e0ec7a428d42414cac34dae487c0527462f79cc4b3168efeaa147008e549bf07463b9a32bb8c44bd435c0fcc2e0ad7c34bce243

Filesize: 114KB
MD5: a722351390c3f1daa32c9d0e58350911
SHA1: 51e65302154de9e86b986b246908b1f6c83f1b44
SHA256: 8bfe78c25cb4da4278245f5b6fcde44def0e623e3d3e4333ed5de3ab3542de3d
SHA512: c2a56606d53e7df7e233d50cafa5ea745c82f6057dc3a5dbe2480a260f2a5bcc94220332ad85e65e5e66c68b46b30c9b7ee5f5805e2b487d2393c25798135828

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd