Analysis

max time kernel: 149s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/02/2024, 15:42

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://e.pc.cd/SOzy6alK
Resource: win10v2004-20231215-en
General

Target: http://e.pc.cd/SOzy6alK
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529173932124725" | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
3012 | chrome.exe (2 entries)
3776 | chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
3012 | chrome.exe (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 3012 | chrome.exe
Token: SeCreatePagefilePrivilege | 3012 | chrome.exe
(these two rows alternate and repeat, 64 entries in total, all from PID 3012)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
3012 | chrome.exe (26 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3012 | chrome.exe (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3012 wrote to memory of 2392 | 3012 | chrome.exe | 85 (2 entries)
PID 3012 wrote to memory of 4804 | 3012 | chrome.exe | 87 (repeated)
PID 3012 wrote to memory of 4732 | 3012 | chrome.exe | 88 (2 entries)
PID 3012 wrote to memory of 3064 | 3012 | chrome.exe | 89 (repeated)
(64 entries in total; the 4804 and 3064 rows account for all entries not listed above)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://e.pc.cd/SOzy6alK
  PID: 3012
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed12d9758,0x7ffed12d9768,0x7ffed12d9778
      PID: 2392

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1880,i,9204651041775556057,606171664229732658,131072 /prefetch:2
      PID: 4804

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1880,i,9204651041775556057,606171664229732658,131072 /prefetch:8
      PID: 4732

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1880,i,9204651041775556057,606171664229732658,131072 /prefetch:8
      PID: 3064

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2796 --field-trial-handle=1880,i,9204651041775556057,606171664229732658,131072 /prefetch:1
      PID: 364

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2812 --field-trial-handle=1880,i,9204651041775556057,606171664229732658,131072 /prefetch:1
      PID: 3752

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4604 --field-trial-handle=1880,i,9204651041775556057,606171664229732658,131072 /prefetch:1
      PID: 2360

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1880,i,9204651041775556057,606171664229732658,131072 /prefetch:8
      PID: 2260

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1880,i,9204651041775556057,606171664229732658,131072 /prefetch:8
      PID: 2908

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3460 --field-trial-handle=1880,i,9204651041775556057,606171664229732658,131072 /prefetch:2
      PID: 3776
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 1216
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 288B
MD5: fb08f473927e7838126931e748f37c71
SHA1: e30c91b7f43e6587dd3daa52b3b80acefe976e41
SHA256: 387d23acd7cf265769c564ea20f6a0c0fe66a292b0e06df520c18781420ba266
SHA512: f931d1d83973049e60808b9163ecb53b8f57c1c4cba289a4e928ee27c19c8c2e495994eb50af8d41c1502a4cc396d679b2519809f36ad6b2666b091d4fa3f85c

Filesize: 1KB
MD5: 297869eaeb42604d24668abcd65555a6
SHA1: a51cec34cbaf897949f57cc532951d8058003baa
SHA256: be22691ed6e32cc1e8d0939894ef58a7e3c3e5ee056622008aaccf35ae793965
SHA512: 9c239636f588b1a67c64b1c2613aeb4852a06241eda535552eb603ebd3b5c01cc5d8e1398bd52467982202f173719d2cc31d515537fd9ba931b6205d2017f9f6

Filesize: 1KB
MD5: 73e15c539f76ae6f380070567eb78e7e
SHA1: c7f32c3dcb3b0a04cc0cf7f9770887595b4a4d39
SHA256: ef4bc23f9502c2752a49747dbda1ddcc58030034f5140f6ebb0827744bfeb5cc
SHA512: 81f4e160e2f55fddbb5513d03ccec55b0b7a939eb0d0732b0ba0b989500e38df675176ecebe0785db50c3ecece952a346aa9e9cf983a3707076478583ec6997d

Filesize: 6KB
MD5: 036c960cd514741be5463315d5969f82
SHA1: eddd6d0f75590e658de85aadcaa249e0f5ff65ca
SHA256: 299fe37dc12db915baf66d6af7dfa4ccb9ba11b70501ded62498783481eac78d
SHA512: 6fb4bb9a0b7d9a00a1e510649951c39727723ce11f6bbd4cfedbb9c001401774c3806b080118f57940f0ecf7c734fbcd60072a73af1ae853ec7aa8b43781ec85

Filesize: 114KB
MD5: b3fb9f0ea449cf1059fde8400faf4249
SHA1: aebb3d3fb1d2ba60e49710be8b91bf78cb4f5166
SHA256: e15ba661b68dcc49000a4bef5896c1ec68e74770055f96b733510a1d235c57d9
SHA512: 0f321bfe0a4ea8e54fe5a82238e2b942b26a35c886cbfc5f737d4d4fdd92c557a97b42c1c8b40ac16f9d18ab35925ca534dd5fea3392657960dc8353fecde97e

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd