Analysis

max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/02/2024, 15:22
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://www.benefitresource.com/promo/sales/?utm_source=outlook&utm_medium=email&utm_campaign=email_banner
Resource: win10v2004-20231222-en

General

Target: https://www.benefitresource.com/promo/sales/?utm_source=outlook&utm_medium=email&utm_campaign=email_banner
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  (SystemProductName and SystemManufacturer are the values commonly read to fingerprint a VM or sandbox; here the reader is the submitted chrome.exe itself.)

- Modifies data under HKEY_USERS (2 IoCs)
  description     | ioc                                                                                                          | Process
  Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133523113673070713"   | chrome.exe
  (S-1-5-19 is the LOCAL SERVICE account hive. The value is a Windows FILETIME; 133523113673070713 decodes to 2024-02-13 15:22:47 UTC, i.e. the analysis time, not an attacker-chosen constant.)

- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid  | Process
  4704 | chrome.exe (2 entries)
  1068 | chrome.exe (2 entries)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid  | Process
  4704 | chrome.exe (2 entries)

- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  All 64 entries are PID 4704 chrome.exe, alternating Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege (32 of each).

- Suspicious use of FindShellTrayWindow (26 IoCs)
  All 26 entries: PID 4704 chrome.exe

- Suspicious use of SendNotifyMessage (24 IoCs)
  All 24 entries: PID 4704 chrome.exe

- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries have the form "PID 4704 wrote to memory of <target>", source 4704 chrome.exe. Distinct targets in first-seen order (procid_target is the sandbox's internal process index, not a PID):
  target PID | procid_target
  1364       | 85
  2792       | 87
  4916       | 89
  4628       | 88
  Every target is a direct child of 4704 in the process tree below.
Processes

- chrome.exe (PID 4704, top level)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.benefitresource.com/promo/sales/?utm_source=outlook&utm_medium=email&utm_campaign=email_banner
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - chrome.exe (PID 1364, child of 4704), crashpad-handler
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbda19758,0x7ffbbda19768,0x7ffbbda19778

  - chrome.exe (PID 2792, child of 4704), gpu-process
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1892,i,4271227580565960726,11268415242253529354,131072 /prefetch:2

  - chrome.exe (PID 4628, child of 4704), utility: storage.mojom.StorageService
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1892,i,4271227580565960726,11268415242253529354,131072 /prefetch:8

  - chrome.exe (PID 4916, child of 4704), utility: network.mojom.NetworkService
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1892,i,4271227580565960726,11268415242253529354,131072 /prefetch:8

  - chrome.exe (PID 2356, child of 4704), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1892,i,4271227580565960726,11268415242253529354,131072 /prefetch:1

  - chrome.exe (PID 3952, child of 4704), renderer (first renderer process)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1892,i,4271227580565960726,11268415242253529354,131072 /prefetch:1

  - chrome.exe (PID 2504, child of 4704), utility: chrome.mojom.ProcessorMetrics
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1892,i,4271227580565960726,11268415242253529354,131072 /prefetch:8

  - chrome.exe (PID 1792, child of 4704), utility: chrome.mojom.UtilWin
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1892,i,4271227580565960726,11268415242253529354,131072 /prefetch:8

  - chrome.exe (PID 1068, child of 4704), gpu-process (GPU sandbox disabled, GL disabled)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 --field-trial-handle=1892,i,4271227580565960726,11268415242253529354,131072 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- elevation_service.exe (PID 1692, top level)
  Image: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
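The WriteProcessMemory signature only becomes meaningful once each write is placed in the process tree: a broker writing into a child it has just spawned (same image) is how Chrome's sandbox sets up its child processes, whereas a write into a process that is not a child is the injection-style pattern worth chasing. The following added example (not part of the tria.ge report or of Chrome) parses the report's flattened WriteProcessMemory rows, checks them against the process tree transcribed from the Processes section above, and labels each source/target pair. The process tree and the four distinct rows are copied from this page; the single injection-like row is constructed to show what a real hit would look like.

```python
"""Cross-check 'Suspicious use of WriteProcessMemory' rows against a sandbox
report's process tree. Added example; not code from the tria.ge report."""
import re

# Process tree transcribed from the report's Processes section:
# (pid, parent pid, image path). Parents follow the report's depth markers:
# depth 1 = top level, depth 2 = child of PID 4704.
PROCESS_TREE = [
    (4704, None, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    (1364, 4704, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    (2792, 4704, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    (4628, 4704, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    (4916, 4704, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    (2356, 4704, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    (3952, 4704, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    (2504, 4704, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    (1792, 4704, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    (1068, 4704, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    (1692, None, r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"),
]

# The four distinct rows of the report's WriteProcessMemory table, in the
# flattened form the page renders them. The last column (procid_target) is the
# sandbox's internal process index, not a PID.
REPORT_ROWS = "\n".join([
    "PID 4704 wrote to memory of 1364 4704 chrome.exe 85",
    "PID 4704 wrote to memory of 2792 4704 chrome.exe 87",
    "PID 4704 wrote to memory of 4916 4704 chrome.exe 89",
    "PID 4704 wrote to memory of 4628 4704 chrome.exe 88",
])

# Constructed row (NOT in the report): chrome.exe writing into
# elevation_service.exe, which is not its child. This is what an injection-style
# hit looks like.
CONSTRUCTED_INJECTION_ROW = "\nPID 4704 wrote to memory of 1692 4704 chrome.exe 90"

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_wpm_rows(text):
    """Return (source pid, target pid, source image name) for every row found."""
    return [(int(m.group(1)), int(m.group(2)), m.group(3))
            for m in ROW_RE.finditer(text)]


def classify_writes(rows, tree=PROCESS_TREE):
    """Label each (source, target) pair by its relationship in the process tree."""
    parent_of = {pid: ppid for pid, ppid, _ in tree}
    image_of = {pid: img for pid, _, img in tree}
    verdicts = {}
    for src, dst, _ in rows:
        if dst not in parent_of or src not in parent_of:
            verdict = "unknown-process"      # source or target missing from the tree
        elif parent_of[dst] == src and image_of[dst] == image_of[src]:
            verdict = "child-same-image"     # broker -> its own child: expected for Chrome
        elif parent_of[dst] == src:
            verdict = "child-other-image"    # parent writing into a child of another image
        else:
            verdict = "cross-process"        # not a child: injection-style write, investigate
        verdicts[(src, dst)] = verdict
    return verdicts


def suspicious_pairs(verdicts):
    """Pairs not explained by the parent/child, same-image relationship."""
    return sorted(pair for pair, v in verdicts.items() if v != "child-same-image")


if __name__ == "__main__":
    verdicts = classify_writes(parse_wpm_rows(REPORT_ROWS))
    for pair, verdict in sorted(verdicts.items()):
        print(pair, verdict)
    print("suspicious (report rows):", suspicious_pairs(verdicts))
    with_injection = classify_writes(parse_wpm_rows(REPORT_ROWS + CONSTRUCTED_INJECTION_ROW))
    print("suspicious (with constructed row):", suspicious_pairs(with_injection))
```

On the report's own rows every pair classifies as child-same-image, which is the sandbox broker pattern; only the constructed row lands in cross-process. The tree here is hand-transcribed because the page flattens it; on a live report the same check should be driven from the exported process list, and the image comparison should be widened to a signer check if the parent and child paths legitimately differ (as they do between chrome.exe and elevation_service.exe).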
Network
MITRE ATT&CK Enterprise v15
Downloads

- File 1
  Filesize: 72B
  MD5: d90ebe1bbdb375f6d27eb8e37fce9619
  SHA1: e6ac537a96fcfdc25db04fcd2e2bb7ecae79ac43
  SHA256: 8921ad1b98ae2906af0f200240ef04694e050654d6587a46c4cf6a1cae366616
  SHA512: 3a0d5548e996390ef760496f36548ebe44bd4327523facc0b36987dca36339060fe952020cfadfa1bf6979456c7cf2748ab222f45ad3bcfaaece34343640e2b4

- File 2
  Filesize: 1KB
  MD5: 48bf3b33c354eeb0f5987ce609eabe41
  SHA1: 66ef2a8fdc2ad74e6869cd40188ab672100617b4
  SHA256: 4c4535908bc7bd2041be7f21aaf628bda9c3e8f54d3c75df0e3a1003b9500378
  SHA512: 259ef53d9e675269b468666624fa88020860f9d745306cf0a5e8ad039be62d8f9ff06b8f2a08c0c55e98b219382fd5a547e8f4016338b9e9326f55a714917472

- File 3
  Filesize: 1KB
  MD5: c369cebde5daf6d1899ac9445d4151a8
  SHA1: 1413579e930ae39a4705349737e59ce480918ad6
  SHA256: 200e555565b7d2462fd6e61580916475c7e9cd850be330883cd0c9f6ed98844b
  SHA512: 1913c83dac726baf0e9da80ffbf8e11b7ea44f2fed09a5f69e6d123584c4a18751b0d0925dc444b2dda23713e97ec38b3cd1b1df28ac093f1d951d62985673c7

- File 4
  Filesize: 537B
  MD5: da9b2b879ab253f7b26bdb09f3867c79
  SHA1: 42c9c0204fc4f52aa82458385c3fe1878d04fd55
  SHA256: 203d3d45ca7c6418d14653f245aa8fca52041990f1223e89261d6a36c5c2a0b3
  SHA512: 7525c866f1fc20c8256cf60d5dbccedbfc445081948167aa3e111b7cd042a0773cd3096e69e632313c7100400a496c22fe379bb9ee4ae001a04c912d3e1ecca6

- File 5
  Filesize: 6KB
  MD5: 626a381b250d579afa8f4ed0d2a1472c
  SHA1: 4a6c4cecc0efb04975d903e773a7a1d0a24ac121
  SHA256: e53adbdbc48dfc4491ad220813ac7a5ea0f4ac79ff7b8230268f632693af2307
  SHA512: 448231253bfdccb4a8de2af5005d25cab828b0ac007273a5fc7b2f89c2480b3eef036d3c22404fd5b360fde2da18a3f4266a006c3cfd5e59d2f9a77b9a15f249

- File 6
  Filesize: 114KB
  MD5: 9c7659732eb58dd71f37c6db56f11981
  SHA1: b01d6b94bf9dd71341bcd50458f1e2e760808465
  SHA256: f62b7865e10ef3ac993b4df1511df3466a66d74e23313ed1c8abe0035b2b3fd5
  SHA512: b0b5f68621b36d83f3349b0c273a003752bd142736372df751fd90882ee6cb615b5f57036e6ebe5040517499262e3496f78f870a082a9b743fcc42baf334714c

- File 7
  Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
  (These are the hashes of the two-byte ASCII string "{}", an empty JSON object, which a browser writes as an empty preferences or state file.)
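The Downloads list is only hashes and sizes, so the practical check is to parse it and see which entries a known, harmless content explains. The added example below (not part of the tria.ge report) parses the flattened "MD5<hex>" form the page renders, validates that each digest has the length its algorithm requires, and then matches a candidate byte string against every recorded digest at once. The two entries embedded are copied from this page; the candidate content "{}" is an assumption that the code verifies rather than trusts, and it is the only one of the seven files this can identify.

```python
"""Parse a flattened sandbox 'Downloads' dump and identify entries by hashing
candidate content. Added example; not code from the tria.ge report."""
import hashlib
import re

# Two entries transcribed from the report's Downloads section, in the
# flattened "Filesize / <size> / MD5<hex> / ..." form the page renders them.
DOWNLOADS_TEXT = """
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
72B
MD5d90ebe1bbdb375f6d27eb8e37fce9619
SHA1e6ac537a96fcfdc25db04fcd2e2bb7ecae79ac43
SHA2568921ad1b98ae2906af0f200240ef04694e050654d6587a46c4cf6a1cae366616
SHA5123a0d5548e996390ef760496f36548ebe44bd4327523facc0b36987dca36339060fe952020cfadfa1bf6979456c7cf2748ab222f45ad3bcfaaece34343640e2b4
"""

# Longest algorithm names first so "SHA512" is not read as "SHA5" + "12...".
HASH_RE = re.compile(r"^(SHA512|SHA256|SHA1|MD5)([0-9a-fA-F]+)$")
SIZE_RE = re.compile(r"^(\d+)(B|KB|MB)$")
SIZE_UNITS = {"B": 1, "KB": 1024, "MB": 1024 * 1024}
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_downloads(text):
    """Split the dump into one dict per file: size_label, size_bytes and digests."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "-", "Filesize"):
            continue                      # blank lines, separators and the size label
        m = SIZE_RE.match(line)
        if m:                             # a size starts a new entry
            cur = {"size_label": line,
                   "size_bytes": int(m.group(1)) * SIZE_UNITS[m.group(2)]}
            entries.append(cur)
            continue
        m = HASH_RE.match(line)
        if m and cur is not None:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HEX_LEN[algo]:
                raise ValueError(f"{algo} digest has {len(digest)} hex chars")
            cur[algo] = digest
    return entries


def hashes_of(data):
    """All four digests the report records, for a candidate byte string."""
    return {algo: getattr(hashlib, algo.lower())(data).hexdigest() for algo in HEX_LEN}


def match_content(entries, data):
    """Entries whose every recorded digest equals the digest of `data`.

    Requiring all four to agree means a single colliding MD5 cannot produce a
    false identification; a size mismatch is reported alongside the hit."""
    want = hashes_of(data)
    hits = []
    for entry in entries:
        recorded = {algo: entry[algo] for algo in HEX_LEN if algo in entry}
        if recorded and all(recorded[algo] == want[algo] for algo in recorded):
            hits.append({"entry": entry,
                         "size_consistent": entry["size_bytes"] == len(data)})
    return hits


if __name__ == "__main__":
    entries = parse_downloads(DOWNLOADS_TEXT)
    for candidate in (b"{}", b"[]"):   # "{}" is the assumption being tested
        print(candidate, match_content(entries, candidate))
```

Matching on all four digests rather than MD5 alone is deliberate: the report publishes MD5 and SHA1 for compatibility, but an identification should rest on the SHA-256/SHA-512 agreement. For the other six entries the sizes are rounded ("1KB", "6KB"), so size alone cannot distinguish them and the content would have to be pulled from the sandbox to be identified.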