Analysis
max time kernel: 209s
max time network: 202s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/02/2024, 23:13
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://islandcloud.co/d/4xXXXoPXEZIkVx14dBJ2iX7kxeLjJkIX2ejWGdZ4
Resource: win10v2004-20240226-en
General
Target: https://islandcloud.co/d/4xXXXoPXEZIkVx14dBJ2iX7kxeLjJkIX2ejWGdZ4
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                     Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description       ioc                                                                                                          Process
Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        chrome.exe
Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133536356217270689"   chrome.exe
Modifies registry class (1 IoC)
description   ioc                                                                                   Process
Key created   \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings   chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid    Process
2344   chrome.exe
2344   chrome.exe
1332   chrome.exe
1332   chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid    Process
2344   chrome.exe
2344   chrome.exe
2344   chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (33 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2344)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://islandcloud.co/d/4xXXXoPXEZIkVx14dBJ2iX7kxeLjJkIX2ejWGdZ4
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3420)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa04589758,0x7ffa04589768,0x7ffa04589778

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1660)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1872,i,15455430681540092875,2521486279127983791,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1136)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1872,i,15455430681540092875,2521486279127983791,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2088)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1872,i,15455430681540092875,2521486279127983791,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4280)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1872,i,15455430681540092875,2521486279127983791,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5100)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1872,i,15455430681540092875,2521486279127983791,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2204)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1872,i,15455430681540092875,2521486279127983791,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3792)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1872,i,15455430681540092875,2521486279127983791,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3152)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1872,i,15455430681540092875,2521486279127983791,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4364)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3908 --field-trial-handle=1872,i,15455430681540092875,2521486279127983791,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1332)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=996 --field-trial-handle=1872,i,15455430681540092875,2521486279127983791,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2472)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=748 --field-trial-handle=1872,i,15455430681540092875,2521486279127983791,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2156)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\System32\rundll32.exe (PID 4516)
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads