Analysis
max time kernel: 601s
max time network: 595s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/03/2024, 19:28
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://gofile.io/d/kRGg9X
Resource
win10v2004-20240226-en
General
Target: https://gofile.io/d/kRGg9X
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS 2 IoCs
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133545739893890523" (chrome.exe)
Suspicious behavior: EnumeratesProcesses 4 IoCs
- PID 4520 chrome.exe
- PID 4520 chrome.exe
- PID 1116 chrome.exe
- PID 1116 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
- PID 4520 chrome.exe
- PID 4520 chrome.exe
- PID 4520 chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe 4520 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/kRGg9X
PID: 4520
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfe089758,0x7ffcfe089768,0x7ffcfe089778
  PID: 228

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1864,i,4684754447787631911,6602927077149735141,131072 /prefetch:2
  PID: 3548

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1864,i,4684754447787631911,6602927077149735141,131072 /prefetch:8
  PID: 2096

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1784 --field-trial-handle=1864,i,4684754447787631911,6602927077149735141,131072 /prefetch:8
  PID: 4340

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1864,i,4684754447787631911,6602927077149735141,131072 /prefetch:1
  PID: 4408

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1864,i,4684754447787631911,6602927077149735141,131072 /prefetch:1
  PID: 1824

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4128 --field-trial-handle=1864,i,4684754447787631911,6602927077149735141,131072 /prefetch:1
  PID: 4328

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 --field-trial-handle=1864,i,4684754447787631911,6602927077149735141,131072 /prefetch:8
  PID: 3620

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1864,i,4684754447787631911,6602927077149735141,131072 /prefetch:8
  PID: 1404

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1004 --field-trial-handle=1864,i,4684754447787631911,6602927077149735141,131072 /prefetch:2
  PID: 1116
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID: 1556
Network
MITRE ATT&CK Enterprise v15
Downloads