Analysis
max time kernel: 150s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/02/2024, 14:40

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://app.clientify.com/email-marketing/unsubscribe/17672/23569533/278575/?email=jcavazos%40mx.lockton.comW%05spceuBe%EF%BF%BD%EF%BF%BD%05%EF%BF%BDeS%3E?%7CR%[email protected]%04%00%00%05%EF%BF%BD~
Resource: win10v2004-20231215-en
General
Target: https://app.clientify.com/email-marketing/unsubscribe/17672/23569533/278575/?email=jcavazos%40mx.lockton.comW%05spceuBe%EF%BF%BD%EF%BF%BD%05%EF%BF%BDeS%3E?%7CR%[email protected]%04%00%00%05%EF%BF%BD~
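The only sample-specific content in this report is the target URL itself: an unsubscribe link whose email= parameter contains percent-encoded control bytes (%05, %04, %00) and several %EF%BF%BD sequences, the UTF-8 encoding of U+FFFD, which is what a decoder emits when it meets invalid bytes. That pattern says the link was already corrupted before submission rather than crafted as a payload. The following is an added example, not part of the tria.ge report, that decodes the query and quantifies the damage; the URL is copied from the report, and the "[email protected]" fragment in it is residue of an e-mail obfuscation rewrite on the page, so the script treats it as opaque text.

```python
from urllib.parse import urlsplit, unquote

# The submitted target, copied verbatim from the report. The "[email protected]" fragment is
# residue of an e-mail obfuscation rewrite on the page, not something the sandbox requested.
TARGET = (
    "https://app.clientify.com/email-marketing/unsubscribe/17672/23569533/278575/"
    "?email=jcavazos%40mx.lockton.comW%05spceuBe%EF%BF%BD%EF%BF%BD%05%EF%BF%BDeS%3E?"
    "%7CR%[email protected]%04%00%00%05%EF%BF%BD~"
)


def leading_printable(text):
    """The run of printable ASCII at the start of text, i.e. the part a human could have typed."""
    out = []
    for ch in text:
        if 0x20 <= ord(ch) <= 0x7E:
            out.append(ch)
        else:
            break
    return "".join(out)


def triage_url(url):
    """Decode the query of a tracking/unsubscribe link and measure how much of it is binary junk."""
    parts = urlsplit(url)
    # urlsplit cuts at the first '?', so the second '?' inside the value stays in the query string
    name, _, raw_value = parts.query.partition("=")
    decoded = unquote(raw_value)  # %EF%BF%BD decodes to U+FFFD, %05 to a control character
    segments = [s for s in parts.path.split("/") if s]
    ids = segments[segments.index("unsubscribe") + 1:] if "unsubscribe" in segments else []
    replacement = decoded.count("\ufffd")
    control = sum(1 for ch in decoded if ord(ch) < 0x20 or ord(ch) == 0x7F)
    return {
        "host": parts.hostname,
        "path_ids": ids,                      # list / contact / campaign style identifiers in the path
        "param": name,
        "leading_printable": leading_printable(decoded),
        "replacement_chars": replacement,     # U+FFFD count: bytes that were already invalid UTF-8
        "control_chars": control,             # raw control bytes that no mail client would put in an address
        "decoded_repr": repr(decoded),
        "mangled": replacement > 0 or control > 0,
    }


if __name__ == "__main__":
    for key, value in triage_url(TARGET).items():
        print(f"{key}: {value}")
```

The printable prefix is the recipient address followed by garbage; everything after it is unrecoverable, so the sandbox simply requested a malformed unsubscribe URL and the server's response is whatever clientify does with a bad parameter.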
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                  process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133523088664165195"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   process
  448   chrome.exe (2 entries)
  3432  chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   process
  448   chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs; the two rows alternate throughout)
  description                       pid  process
  Token: SeShutdownPrivilege        448  chrome.exe (32 entries)
  Token: SeCreatePagefilePrivilege  448  chrome.exe (32 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid  process
  448  chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  process
  448  chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed)
  description                      pid  process     procid_target
  PID 448 wrote to memory of 1216  448  chrome.exe  84  (2 entries)
  PID 448 wrote to memory of 4916  448  chrome.exe  87  (repeated many times)
  PID 448 wrote to memory of 1080  448  chrome.exe  86  (2 entries)
  PID 448 wrote to memory of 1584  448  chrome.exe  88  (repeated many times)
Processes

PID 448 (level 1) chrome.exe
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://app.clientify.com/email-marketing/unsubscribe/17672/23569533/278575/?email=jcavazos%40mx.lockton.comW%05spceuBe%EF%BF%BD%EF%BF%BD%05%EF%BF%BDeS%3E?%7CR%[email protected]%04%00%00%05%EF%BF%BD~
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

Children of PID 448 (level 2), all with image C:\Program Files\Google\Chrome\Application\chrome.exe:

  PID 1216
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8cf29758,0x7ffd8cf29768,0x7ffd8cf29778

  PID 1080
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1948,i,2859067265835130931,1076252424539624199,131072 /prefetch:8

  PID 4916
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1948,i,2859067265835130931,1076252424539624199,131072 /prefetch:2

  PID 1584
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1948,i,2859067265835130931,1076252424539624199,131072 /prefetch:8

  PID 4580
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1948,i,2859067265835130931,1076252424539624199,131072 /prefetch:1

  PID 1572
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1948,i,2859067265835130931,1076252424539624199,131072 /prefetch:1

  PID 3272
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1948,i,2859067265835130931,1076252424539624199,131072 /prefetch:8

  PID 2704
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1948,i,2859067265835130931,1076252424539624199,131072 /prefetch:8

  PID 3432
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4000 --field-trial-handle=1948,i,2859067265835130931,1076252424539624199,131072 /prefetch:2
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

PID 3704 (level 1) elevation_service.exe
Image: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
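Every signature in this report is raised by chrome.exe, the browser the sandbox launched to open the URL (the --disable-component-update and --simulate-outdated-no-au flags on PID 448 are the harness's launch options, not the sample's), and the only non-chrome.exe process is Chrome's own elevation_service.exe. The WriteProcessMemory targets (1216, 4916, 1080, 1584) are all --type= children of PID 448, which is what a Chrome browser process does when it sets up the sandbox for a child it has just spawned. The following is an added example, not part of the report, that parses the command lines above into roles, flags the children running with their service sandbox turned off, and checks whether any memory write went outside the browser's own process tree. The PIDs and flags are the report's; the command lines are shortened to the flags that matter, and the URL on PID 448 is truncated.

```python
import re

# Process list constructed from the report's "Processes" section. Command lines are shortened:
# the --gpu-preferences blob and --field-trial-handle values are dropped and the target URL is
# truncated. 448 and 3704 are the report's level-1 processes; the rest are level-2 children of 448.
PROCESSES = [
    (448,  r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking '
           r'--disable-component-update --single-argument https://app.clientify.com/email-marketing/unsubscribe/17672/23569533/278575/'),
    (1216, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler '
           r'--url=https://clients2.google.com/cr/report --annotation=ver=106.0.5249.119'),
    (1080, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
           r'--utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none'),
    (4916, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process'),
    (1584, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
           r'--utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility'),
    (4580, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer '
           r'--first-renderer-process --renderer-client-id=6'),
    (1572, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --renderer-client-id=5'),
    (3272, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
           r'--utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none'),
    (2704, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
           r'--utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none'),
    (3432, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process '
           r'--disable-gpu-sandbox --use-gl=disabled'),
    (3704, r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'),
]

# Targets of the "Suspicious use of WriteProcessMemory" rows; every row has PID 448 as the writer.
WRITE_TARGETS = {1216, 4916, 1080, 1584}

FLAG_RE = re.compile(r"--([A-Za-z0-9-]+)(?:=(\S*))?")


def parse_flags(cmdline):
    """Map every --flag or --flag=value on a Chrome command line to its value (True if bare)."""
    return {name: (value if value else True) for name, value in FLAG_RE.findall(cmdline)}


def image_name(cmdline):
    """Basename of the executable; Chrome quotes its image path, so take the first quoted token."""
    image = cmdline.split('"')[1] if cmdline.startswith('"') else cmdline.split()[0]
    return image.rsplit("\\", 1)[-1].lower()


def classify(cmdline):
    """Return (role, sandbox_off) for one process from its command line alone."""
    flags = parse_flags(cmdline)
    image = image_name(cmdline)
    if image != "chrome.exe":
        role = "other:" + image
    elif "type" not in flags:
        role = "browser"  # the parent that launches and supervises every --type= child
    elif flags["type"] == "utility":
        role = "utility:" + str(flags.get("utility-sub-type", "?"))
    else:
        role = flags["type"]
    sandbox_off = (
        flags.get("service-sandbox-type") == "none"
        or "disable-gpu-sandbox" in flags
        or "no-sandbox" in flags
    )
    return role, sandbox_off


def summarize(processes, write_targets):
    """Roles per PID, children running without a service sandbox, and writes that left the tree."""
    roles, unsandboxed, renderers = {}, [], []
    for pid, cmd in processes:
        role, sandbox_off = classify(cmd)
        roles[pid] = role
        if sandbox_off:
            unsandboxed.append(pid)
        if role == "renderer":
            renderers.append(pid)
    chrome_children = {pid for pid, role in roles.items()
                       if role != "browser" and not role.startswith("other:")}
    return {
        "roles": roles,
        "unsandboxed": unsandboxed,
        "renderers": renderers,
        # A browser writing into children it just spawned is sandbox setup; a write to any PID
        # outside this set is the row that would deserve attention.
        "writes_outside_tree": sorted(set(write_targets) - chrome_children),
    }


if __name__ == "__main__":
    summary = summarize(PROCESSES, WRITE_TARGETS)
    for pid, role in summary["roles"].items():
        print(f"{pid:>5}  {role}")
    print("no service sandbox:", summary["unsandboxed"])
    print("writes outside tree:", summary["writes_outside_tree"])
```

The renderers (4580, 1572) are the processes that actually parsed whatever clientify returned, and neither of them carries a signature; the memory-write rows all resolve to the broker's own children, so nothing in the process section points at a second stage.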
Network
MITRE ATT&CK Enterprise v15
Downloads (no file names are given in the report)

File 1
  Filesize: 96B
  MD5:    f4b1731c082c19b1fc9681d89527405c
  SHA1:   c6b1d11a709fbaf09a558e0764aab6d43f30a5a6
  SHA256: 2f20303db96450d11b4c59ff84ab3cfa03216064632009d4d9fe41a6db43d05d
  SHA512: eb30179535785e26d1d841c0ddeaa592d58ceaf9f2b8c4d3b30e2e52d2db63c5e9a8d00ef81b1eb759c783cad6a4583e60596a4ff009ac8eda81c7a4d8cc079f

File 2
  Filesize: 1KB
  MD5:    db1fb427fa113dfd732c1e7c172d3a66
  SHA1:   b6621562177f6b40432f22151ab81246af035dde
  SHA256: 958e75e5a35c6479c7c08d2056ae2bdafa2cee814288e6273dde1059683e6d3d
  SHA512: 429ab1e08b8603ed741a48c138d29db71f03dc9817bfc38ac6657d9ff19934d3c9d7dc457199df6e14fbf9b5c973995d48ddad6c2a1e5a3ce0bcc221038e9c26

File 3
  Filesize: 707B
  MD5:    93a96af0880e59756ca3d56fa3ea1656
  SHA1:   2c970ee418abe348fa9a63403f6eab34cd8b1d99
  SHA256: ad9f596cf615fd1c985ad03ebc2922c4789fc4dd6b9449e802618670d9d60d2b
  SHA512: 4b6e6a305750c5d46695705831c89dffe10702c29ae652454c297d03544649de64676bc29e008d1e0bc32906419b46b2260bfef3e41a57f544461dcba0477862

File 4
  Filesize: 6KB
  MD5:    a729068a49ec9cd086277bbc2ecccf3b
  SHA1:   e79ad3ad3cebb606a243f3a9b02acfc4b60d6445
  SHA256: 3db33351fc4889f7302a0d8259a80c26d5718e335e71d0f2d651d29997c89b1f
  SHA512: 5c1070eedc782ee3b3c5c7399e3c6e3be01ff48db6ced2f2731d4b4c1501089080d9d9eb130ccd99afc522c8bfb329222de298232413e123cd5e0785a8b4b256

File 5
  Filesize: 114KB
  MD5:    1236d55b033114955b97620a17152fac
  SHA1:   ca14bde8f8e9c6586f3982ee5ddfa46da603bc57
  SHA256: 7d6e631ec55aee4c6da645deab9346a8729f09c1fea682ae3a37b3639787b340
  SHA512: d5e49630f0f3ce47256913756687a91ba545f1397d03950fe390437afbfb866f442b8d72a54ed8ab4428b71a8792c96c15cc2ca22a2cf62dae3c95be51f68988

File 6
  Filesize: 2B
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
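The digests of the 2-byte download are those of the two bytes `{}`, an empty JSON object, which is worth confirming before spending time on an artifact that small. The following is an added check, not part of the report, that recomputes every digest the report lists over a few constructed candidate contents and returns the one that agrees with all four; the candidate list is a guess of what a browser writes at first run, and the reported values are copied from the entry above.

```python
import hashlib

# Digests copied from the 2-byte entry in the report's "Downloads" section.
REPORTED_2B = {
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
}

# Constructed guesses for a 2-byte file a browser might write on first run; not from the report.
CANDIDATES = [b"{}", b"[]", b"\r\n", b"\n\n", b"0\n", b"1\n", b"\x00\x00"]


def digests(data):
    """Compute every digest the report lists, keyed the way the report labels them."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256", "sha512")}


def matches(data, reported):
    """Per-algorithm comparison; a partial match means the report or the copy of it is inconsistent."""
    got = digests(data)
    return {algo: got[algo] == value.lower() for algo, value in reported.items()}


def identify(reported, candidates=CANDIDATES):
    """Return the first candidate whose digests all agree with the reported ones, else None."""
    for data in candidates:
        if all(matches(data, reported).values()):
            return data
    return None


if __name__ == "__main__":
    print("2-byte download content:", identify(REPORTED_2B))
```

The same function works for any report entry once you have a candidate byte string; a match on some algorithms but not others is a sign that one of the hashes was transcribed wrongly, not that you found the file.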