Analysis
max time kernel: 61s
max time network: 63s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/02/2024, 16:43
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://epicgamesgiftbuck.blogspot.com/?m=2
Resource: win10v2004-20231215-en
General
Target: http://epicgamesgiftbuck.blogspot.com/?m=2
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
    description         ioc                                                                     Process
    Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
    description         ioc                                                                                                        Process
    Key created         \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      chrome.exe
    Set value (int)     \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528346410531104"   chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
    pid     Process
    3252    chrome.exe
    3252    chrome.exe
    3252    chrome.exe
    3252    chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
    pid     Process
    3252    chrome.exe
    3252    chrome.exe
    3252    chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4580)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaed209758,0x7ffaed209768,0x7ffaed209778

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3252)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://epicgamesgiftbuck.blogspot.com/?m=2
    Signatures:
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 924)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1952,i,18320964390401743923,6120755152475224682,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5040)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2756 --field-trial-handle=1952,i,18320964390401743923,6120755152475224682,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2144)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2748 --field-trial-handle=1952,i,18320964390401743923,6120755152475224682,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1808)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1952,i,18320964390401743923,6120755152475224682,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4120)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1952,i,18320964390401743923,6120755152475224682,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3032)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4656 --field-trial-handle=1952,i,18320964390401743923,6120755152475224682,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3800)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1952,i,18320964390401743923,6120755152475224682,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3232)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1952,i,18320964390401743923,6120755152475224682,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4828)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1952,i,18320964390401743923,6120755152475224682,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1352)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1952,i,18320964390401743923,6120755152475224682,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 3608)
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads