Analysis
max time kernel: 149s
max time network: 138s
platform: windows10-1703_x64
resource: win10-20231215-en
resource tags: arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
submitted: 24/01/2024, 04:18
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cm.cmbuck-oem.com/m?mid=65a7f5981d79830001ff6bfe
Resource
win10-20231215-en
General
Target: https://cm.cmbuck-oem.com/m?mid=65a7f5981d79830001ff6bfe
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133505435184944829" | chrome.exe
Suspicious behavior: EnumeratesProcesses 7 IoCs
pid | Process
2944 | chrome.exe
2944 | chrome.exe
2944 | chrome.exe
2944 | chrome.exe
2944 | chrome.exe
2020 | chrome.exe
2020 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid | Process
2944 | chrome.exe
2944 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2944)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cm.cmbuck-oem.com/m?mid=65a7f5981d79830001ff6bfe
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3808)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb34369758,0x7ffb34369768,0x7ffb34369778

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4576)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1812,i,15116761698859145547,9811818598051235165,131072 /prefetch:8

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4328)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1812,i,15116761698859145547,9811818598051235165,131072 /prefetch:8

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1660)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1812,i,15116761698859145547,9811818598051235165,131072 /prefetch:2

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4980)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1812,i,15116761698859145547,9811818598051235165,131072 /prefetch:1

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3508)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1812,i,15116761698859145547,9811818598051235165,131072 /prefetch:1

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1432)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1812,i,15116761698859145547,9811818598051235165,131072 /prefetch:8

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3816)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1812,i,15116761698859145547,9811818598051235165,131072 /prefetch:8

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4188)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1812,i,15116761698859145547,9811818598051235165,131072 /prefetch:8

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2236)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1812,i,15116761698859145547,9811818598051235165,131072 /prefetch:8

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2020)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2368 --field-trial-handle=1812,i,15116761698859145547,9811818598051235165,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4596)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads