Analysis
max time kernel: 68s
max time network: 66s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/01/2024, 12:14
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample
https://url7923.marsello.io/ls/click?upn=Xn88PJeNIL29Y2OVpP6UixZDOfuAtOG03i8jDevoUBM-3D92fI_gzAuu0gRYdZuzIQWeoqwPUSJWH6nj-2F5jhWhK4xDxIcrH-2FRV9KfZ2qp04WCTIubV3WjXzGWX6Dan-2FAN0jiXbS-2FoGYZjznozcYYqMM2bKSLhuxtGb5FwqXdVENw36ypBMAYecZprxifyItLlqCD9WnHYJKl0pr0y335qumYLlsQ0yX70gDEZdmt965nQIBUhdt4SpBlFjZ1kEPr-2FoR-2FykA9XH-2F4LlR-2FkvnmnNRKMtaxfic0xycaPp7r74FH6tB5VCDGliGgXw08m0Fhbb-2FSAt7dSbVSi-2Bbs94ybH5pcR9nayIt0TAXTL7C7mvJDB7vWBLL#mMS4yQDMuY29t
Resource: win10v2004-20231215-en
General
Target: the submitted URL above (identical to Sample)
Malware Config: none extracted
Signatures
Every IoC in this report is attributed to chrome.exe (PID 496), the browser process the sandbox launched to open the submitted URL; the WriteProcessMemory targets are that process's own child processes (see Processes below).

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  Key created         \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
  Set value (int)     \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133501400734887187"   chrome.exe
  (S-1-5-19 is NT AUTHORITY\LOCAL SERVICE; the value is a Windows FILETIME that decodes to 2024-01-19 12:14:33 UTC, the time of this run)

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  PID 496 chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  PID 496 chrome.exe (5 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token: SeShutdownPrivilege         PID 496 chrome.exe (32 entries)
  Token: SeCreatePagefilePrivilege   PID 496 chrome.exe (32 entries)
  (the report alternates the two tokens for 64 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
  PID 496 chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  PID 496 chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  source PID 496 chrome.exe wrote to memory of:
    target PID 3360   procid_target 87
    target PID 4880   procid_target 89
    target PID 3460   procid_target 90
    target PID 3756   procid_target 91
  (64 entries listed, all with source PID 496 chrome.exe; each target PID appears repeatedly, 4880 and 3756 most often)
Processes
PID 496   C:\Program Files\Google\Chrome\Application\chrome.exe   (root)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url7923.marsello.io/ls/click?upn=Xn88PJeNIL29Y2OVpP6UixZDOfuAtOG03i8jDevoUBM-3D92fI_gzAuu0gRYdZuzIQWeoqwPUSJWH6nj-2F5jhWhK4xDxIcrH-2FRV9KfZ2qp04WCTIubV3WjXzGWX6Dan-2FAN0jiXbS-2FoGYZjznozcYYqMM2bKSLhuxtGb5FwqXdVENw36ypBMAYecZprxifyItLlqCD9WnHYJKl0pr0y335qumYLlsQ0yX70gDEZdmt965nQIBUhdt4SpBlFjZ1kEPr-2FoR-2FykA9XH-2F4LlR-2FkvnmnNRKMtaxfic0xycaPp7r74FH6tB5VCDGliGgXw08m0Fhbb-2FSAt7dSbVSi-2Bbs94ybH5pcR9nayIt0TAXTL7C7mvJDB7vWBLL#mMS4yQDMuY29t
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 3360   chrome.exe   (child of 496)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ff9566c9758,0x7ff9566c9768,0x7ff9566c9778

  PID 4880   chrome.exe   (child of 496)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1852,i,8134111034656503180,8399632739414182727,131072 /prefetch:2

  PID 3460   chrome.exe   (child of 496)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1852,i,8134111034656503180,8399632739414182727,131072 /prefetch:8

  PID 3756   chrome.exe   (child of 496)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1852,i,8134111034656503180,8399632739414182727,131072 /prefetch:8

  PID 928    chrome.exe   (child of 496)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1852,i,8134111034656503180,8399632739414182727,131072 /prefetch:1

  PID 4960   chrome.exe   (child of 496)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1852,i,8134111034656503180,8399632739414182727,131072 /prefetch:1

  PID 3868   chrome.exe   (child of 496)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4264 --field-trial-handle=1852,i,8134111034656503180,8399632739414182727,131072 /prefetch:8

  PID 4088   chrome.exe   (child of 496)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1852,i,8134111034656503180,8399632739414182727,131072 /prefetch:8

  PID 1500   chrome.exe   (child of 496)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3784 --field-trial-handle=1852,i,8134111034656503180,8399632739414182727,131072 /prefetch:1

  PID 4448   chrome.exe   (child of 496)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5412 --field-trial-handle=1852,i,8134111034656503180,8399632739414182727,131072 /prefetch:1

  PID 4104   chrome.exe   (child of 496)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3136 --field-trial-handle=1852,i,8134111034656503180,8399632739414182727,131072 /prefetch:1

PID 4204  C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe   (root)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
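A triage check for the WriteProcessMemory rows above, added here as an example and not part of the tria.ge report: it joins each target PID to the `--type` / `--utility-sub-type` flags recorded in the Processes section, so the analyst can see that every write goes from the browser process (PID 496) into one of its own freshly spawned helper processes of the same image, which is how Chrome's multi-process startup looks to a sandbox rather than injection into a foreign process. It also surfaces which helpers were started with `--service-sandbox-type=none`. The process table and the IoC rows are constructed excerpts of this report; the parent PIDs are inferred from the report's tree depth markers, which is an assumption.

```python
"""Attribute tria.ge WriteProcessMemory IoCs to Chrome's own process tree."""
import re
from dataclasses import dataclass

# Constructed excerpt of the report's Processes section: PID -> (parent PID, role-bearing flags).
# Parent PIDs are assumed from the report's tree depth markers (depth 1 = root, depth 2 = child of 496).
PROCESSES = {
    496:  (None, "--disable-background-networking --single-argument <submitted url>"),
    3360: (496, "--type=crashpad-handler"),
    4880: (496, "--type=gpu-process"),
    3460: (496, "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    3756: (496, "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    928:  (496, "--type=renderer --renderer-client-id=5"),
    4960: (496, "--type=renderer --first-renderer-process --renderer-client-id=6"),
    3868: (496, "--type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none"),
    4088: (496, "--type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    4204: (None, "elevation_service.exe"),
}

# Constructed excerpt of the flattened "Suspicious use of WriteProcessMemory" table, one row per distinct target.
WRITE_IOCS = (
    "description pid Process procid_target "
    "PID 496 wrote to memory of 3360 496 chrome.exe 87 "
    "PID 496 wrote to memory of 4880 496 chrome.exe 89 "
    "PID 496 wrote to memory of 3460 496 chrome.exe 90 "
    "PID 496 wrote to memory of 3756 496 chrome.exe 91"
)

# The backreference \1 enforces the report's column layout: the writer PID is repeated after the target.
ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")


@dataclass(frozen=True)
class WriteEvent:
    src: int
    dst: int
    image: str
    procid_target: int


def parse_write_events(text):
    """Turn the flattened IoC text into structured (source, target, image, procid_target) rows."""
    return [WriteEvent(int(s), int(d), img, int(t)) for s, d, img, t in ROW.findall(text)]


def role_of(pid, processes=PROCESSES):
    """Derive the Chrome process role from its --type / --utility-sub-type flags."""
    _, cmdline = processes[pid]
    if cmdline.endswith("elevation_service.exe"):
        return "elevation_service"
    m = re.search(r"--type=(\S+)", cmdline)
    if not m:
        return "browser"  # the parent browser process carries no --type flag
    role = m.group(1)
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return f"{role}:{sub.group(1)}" if sub else role


def sandbox_of(pid, processes=PROCESSES):
    """Return the --service-sandbox-type value, or None when the process does not set one."""
    m = re.search(r"--service-sandbox-type=(\S+)", processes[pid][1])
    return m.group(1) if m else None


def triage_writes(events, processes=PROCESSES):
    """Per-target attribution, plus whether every write stays inside the writer's own child tree."""
    rows = {}
    for e in events:
        parent, _ = processes[e.dst]
        rows[e.dst] = {
            "role": role_of(e.dst, processes),
            "child_of_writer": parent == e.src,
            "sandbox": sandbox_of(e.dst, processes),
        }
    all_internal = all(r["child_of_writer"] for r in rows.values())
    return rows, all_internal


def unsandboxed_helpers(processes=PROCESSES):
    """PIDs of helper processes the report shows starting with --service-sandbox-type=none."""
    return sorted(pid for pid in processes if sandbox_of(pid, processes) == "none")


if __name__ == "__main__":
    rows, internal = triage_writes(parse_write_events(WRITE_IOCS))
    for pid, r in rows.items():
        print(f"{pid:>5}  {r['role']:<42} child_of_496={r['child_of_writer']}  sandbox={r['sandbox']}")
    print("all writes target the writer's own children:", internal)
    print("helpers started with --service-sandbox-type=none:", unsandboxed_helpers())
```

The same join applies to any tria.ge Chrome URL run: if a WriteProcessMemory target is not a child of the writer, or its image is not chrome.exe, the row deserves attention; here none is.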
Network
MITRE ATT&CK Enterprise v15
Downloads
(no file names are recorded for these entries; sizes and hashes only)

Download 1 (96 B)
  MD5     45a7d9345ce24184883bca64ad954bc7
  SHA1    f7b25fad718b6587eafa3c194dd9a26bafdcbfe3
  SHA256  9bd1f037d80b11572acd6b60fbadd7e17b9d1f1da67fe237d28c3556d0928239
  SHA512  a46ffcf314c90263de59b1e1a28b9819b82d875dc745a9f07f2f7537a6b3be24508360f3da562f4e0d9142a8c6ec4b9d597cd43a8ea1848051081f372c7c8f09

Download 2 (1 KB)
  MD5     1ab4d932b9c4eebbd29049222323c465
  SHA1    c7ceb200d4fd6b81c0fb6a217b19eae79db05e1b
  SHA256  8c70bcbd9f6f7ccf392a87e57cbc2010a1bfb9127595ecef358faca39a379f69
  SHA512  937918e7e55fea55b3f8936509afc8dd46d6ee7de562f9b72e60e80b9a286e934a35f3dbc1a9a7ffb9fc9457ccd1a37f85dd381a37f804c51b16cb0237c562e0

Download 3 (536 B)
  MD5     55d334b523759fea3d0aee3746d2d8b5
  SHA1    1137d6dfa94b06cca8fe9d248365dfa2d45d4ab0
  SHA256  68e6ebb69762135e6ce7e8e870ca2ffe1c2cde091a0b4338ac8223c9f5bbaa88
  SHA512  2be47f6deaf96c27cbe4738807a8afecb16fe758f95b517311189bc6d623f5869c408a6008733e7aa4f67f3bd077ee75562d25c31613295c941f28a9ca63d0cb

Download 4 (6 KB)
  MD5     1947c2af4a750d877b118186bc81ee88
  SHA1    a48c5a2967995e81bf2dee8375039bd9daf4dca8
  SHA256  6354eca906836b5664aae268742e7f4dba12da56513ec8baddbfe5c1b6c155e0
  SHA512  378d477074858b4c0cce62d9eb0a95d7fd45fa1977274c880ee3133659a0fbdb5d5665b0c029f342c40b17960fa58291a5c239b4862b8c9608e3f95d01480bf9

Download 5 (5 KB)
  MD5     b758bb9de75948498dbd537452788868
  SHA1    959e3bd7c2f26934504009fcd8025e27796cc87a
  SHA256  3fc8023ae9c0e2daf23cf4fcf4c2ece0c96a6870032232ab54824d426c33b9a5
  SHA512  4977d116775e33870ed7699c64f49e1065f8bf32841babc12dcafe8441f61cc483f13cb27e2e4267647b1dfd2dd34686d6ead073119161881920f3d1ecd341cb

Download 6 (114 KB)
  MD5     464b9442e1934ce210b07fdf4efd37c9
  SHA1    41c50671dacc638dfcb30e387099e7e62f59fc09
  SHA256  aedf2b0ea459f7df18d84652490fa48ec08add8d388bb036b52d06bec61a9266
  SHA512  d6d8a39831975182c3b495d00949ccbd2c409ecef61cfd456ffab0705c081ff4118effacfb2f1f1e6d14f9848997257dbe6374117f1922e61f79b3cd1b49fb40

Download 7 (2 B)
  MD5     99914b932bd37a50b983c5e7c90ae93b
  SHA1    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
  (these are the well-known hashes of the two-byte string "{}", an empty JSON object)