Analysis
max time kernel: 628s
max time network: 639s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/03/2024, 15:46
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://shrturl.biz/e/e_hQ2dytS-IX
Resource: win10v2004-20240226-en
General
Target: https://shrturl.biz/e/e_hQ2dytS-IX
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133542140597702870" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
588 | chrome.exe
588 | chrome.exe
3504 | chrome.exe
3504 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Token: SeShutdownPrivilege | 588 | chrome.exe
Token: SeCreatePagefilePrivilege | 588 | chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
588 | chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 588 wrote to memory of 8 | 588 | chrome.exe | 88
PID 588 wrote to memory of 8 | 588 | chrome.exe | 88
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 2572 | 588 | chrome.exe | 90
PID 588 wrote to memory of 3820 | 588 | chrome.exe | 91
PID 588 wrote to memory of 3820 | 588 | chrome.exe | 91
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
PID 588 wrote to memory of 4548 | 588 | chrome.exe | 92
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 588)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shrturl.biz/e/e_hQ2dytS-IX
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 8)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb30349758,0x7ffb30349768,0x7ffb30349778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2572)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1812,i,14058640989953951356,14664654438307106194,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 3820)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1812,i,14058640989953951356,14664654438307106194,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 4548)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1812,i,14058640989953951356,14664654438307106194,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 4696)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1812,i,14058640989953951356,14664654438307106194,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2560)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1812,i,14058640989953951356,14664654438307106194,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 1832)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1812,i,14058640989953951356,14664654438307106194,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 3248)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5004 --field-trial-handle=1812,i,14058640989953951356,14664654438307106194,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2456)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1812,i,14058640989953951356,14664654438307106194,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 3504)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4568 --field-trial-handle=1812,i,14058640989953951356,14664654438307106194,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID: 3996)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- C:\Windows\system32\rundll32.exe (PID: 648)
  "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
- C:\Windows\System32\svchost.exe (PID: 1976)
  C:\Windows\System32\svchost.exe -k UnistackSvcGroup
Network
MITRE ATT&CK Enterprise v15
Downloads