Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/03/2024, 21:30
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://fonts.mailersend.com/css?family=3DInter:400,600
Resource: win10v2004-20240226-en
General
Target: https://fonts.mailersend.com/css?family=3DInter:400,600
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546662220569824" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
1596 | chrome.exe
1596 | chrome.exe
4952 | chrome.exe
4952 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
1596 | chrome.exe
1596 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
chrome.exe (PID 1596)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://fonts.mailersend.com/css?family=3DInter:400,600
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  chrome.exe (PID 544)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbce1c9758,0x7ffbce1c9768,0x7ffbce1c9778

  chrome.exe (PID 3316)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1812,i,3338417559993171087,1398881511465089411,131072 /prefetch:2

  chrome.exe (PID 2232)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1812,i,3338417559993171087,1398881511465089411,131072 /prefetch:8

  chrome.exe (PID 4800)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,3338417559993171087,1398881511465089411,131072 /prefetch:8

  chrome.exe (PID 2772)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1812,i,3338417559993171087,1398881511465089411,131072 /prefetch:1

  chrome.exe (PID 3540)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1812,i,3338417559993171087,1398881511465089411,131072 /prefetch:1

  chrome.exe (PID 4540)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1812,i,3338417559993171087,1398881511465089411,131072 /prefetch:8

  chrome.exe (PID 2724)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1812,i,3338417559993171087,1398881511465089411,131072 /prefetch:8

  chrome.exe (PID 4952)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5212 --field-trial-handle=1812,i,3338417559993171087,1398881511465089411,131072 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

elevation_service.exe (PID 5064)
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads