Analysis
- max time kernel: 85s
- max time network: 87s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/01/2024, 14:30
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: Document.htm
  Resource: win10v2004-20231215-en
General
- Target: Document.htm
- Size: 7KB
- MD5: ee4b8d821217f55a3ca32b2873845c1d
- SHA1: 7c510c9fdc572b94c0b8e7335bab7e92ae204afd
- SHA256: fceec26d910f28e5876216be18f7a9c0e53b16eada67eb8621a90d88a91d5c9b
- SHA512: 9bc462000dd2bd6161bb624c88cd79e23cc6d6639b3025b5b5d2e470cc31cf6effd1087ad40e7547abcf129db6a6280a40022a88b5108b7af56560177977e523
- SSDEEP: 48:tmT8VVZWlnc9R70sAuVqqen/+9W7aj01EcH7Nr99N9N9N949N9N9N9LNpxNkWvHO:tNy5WR7t9IzEt6ZqUFEJEiuXzvnNyo
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133507530534236077" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  4320 | chrome.exe
  4320 | chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  4320 | chrome.exe
  4320 | chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  64 rows, alternating between the following two entries (32 of each):
  Token: SeShutdownPrivilege | 4320 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4320 | chrome.exe
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  26 identical rows: 4320 | chrome.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  24 identical rows: 4320 | chrome.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  64 rows; the distinct entries, each repeated, are:
  PID 4320 wrote to memory of 4044 | 4320 | chrome.exe | 85
  PID 4320 wrote to memory of 3460 | 4320 | chrome.exe | 87
  PID 4320 wrote to memory of 2076 | 4320 | chrome.exe | 88
  PID 4320 wrote to memory of 4932 | 4320 | chrome.exe | 89
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4320)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Document.htm
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4044)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff956d39758,0x7ff956d39768,0x7ff956d39778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3460)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1744,i,3811583780935646245,8678155656980711511,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2076)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1744,i,3811583780935646245,8678155656980711511,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4932)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1744,i,3811583780935646245,8678155656980711511,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4624)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1744,i,3811583780935646245,8678155656980711511,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4232)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1744,i,3811583780935646245,8678155656980711511,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1412)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1744,i,3811583780935646245,8678155656980711511,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2004)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1744,i,3811583780935646245,8678155656980711511,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2848)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 774B
  MD5: ff7049ee0f6d11f830c52a43796fb6af
  SHA1: 8db5efc6963613ea2ad83d6882b4121317c9b3a0
  SHA256: f7ef3d748421802acfa123ad78c3756bcc8870d7c0f48438e52ad15f5e027104
  SHA512: def41ca79de230b63eaf08b83570f8b2de3296dc8f02eef985fa08b790cea87ef044ffe8d0267c88dcfed9aae7a4579066997b032c3a5d2c09dc3de07a1d3c78
- Filesize: 5KB
  MD5: f924b743b4aa4ef9525305ffd7d0a4c5
  SHA1: 1da4da053d9a2c75d932e3e2f3ea214a4b0b7127
  SHA256: 96e7cbee3a310027792b253b76b7cf4ef7bd172c51485391351e1925db27f9b3
  SHA512: 8eabce7bd6b547c116f601cb0df9061dac2157b3597e43dbdd4af3c397ed4dc80fcb358f5f78463cf2bf348945cf6660970ffb6be9bea135ae129cc831cc6cd9
- Filesize: 5KB
  MD5: 8a24485057e34d410b81b96020d3a2b0
  SHA1: 230b9015883c6a8d6113b49a20745a54b7f8e106
  SHA256: 7b661551a5633d906697403b76470912d183d30f3231b0a75fc5a147e33cee42
  SHA512: ebe5c7c50ed04e716e886ef01007796285f17dcdee16430f73151caf86d299cb569548b88b924abed4e62d9c1e2f5af6f1b20a059ff115e270d249417b547c07
- Filesize: 5KB
  MD5: f0862f090ea2c9f722c32578e16c6ffa
  SHA1: 0515d7f444cabf995eb64ff707a8202991461334
  SHA256: 022e84ffcb729b16aeca1389e14832a7cbb540b5f7fe63934030ddb02ee1ca66
  SHA512: 20b1391f6a3e181399651a71c525a75872d9f7b172e9b0787373915c2095760acdd4ae9dfa1911e30827ce7dcd020f1d955c099ae98afbfa0929160e9684b5c9
- Filesize: 5KB
  MD5: a4b701c91ea640eeeeeeacf5272c1701
  SHA1: 0135ef813e71949850adc9d09e25106c8b59ac00
  SHA256: 40cee90fbf47d252e39a4b31249d84d70ff575aa99c0103d557a164f321de7fe
  SHA512: 2901766aa7ed23b33c23f64abd302a5a51190248369e0e68f6180d03c6952ec04e328fba8ea75aa87743689cf83fdc6fbc2d05e613a2e82a00ac7e1498a7cee9
- Filesize: 114KB
  MD5: b709ee56a1acfade2177d7c3502bde14
  SHA1: 678a483cbd2310f7d4e7b6052e8d0b8b9d1a833f
  SHA256: e4d6c786761bcdb9abb88885c424954578ef08dc655c5b3775a103ca0e0242a9
  SHA512: 8660b7a760d0bb891d421a1ddd45c0214e0e90599981aa8797d99de08f33b49d25031bab3471fb20e54e42946e3a9500aabe26a1e51297a5a37f892b444b1975
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd