Analysis
max time kernel: 299s
max time network: 301s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/03/2024, 04:54
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://wsjpoliticspolicy.cmail7.com/t/d-l-vurikud-drdyikhiii-jk/
Resource
win10v2004-20240226-en
General
Target: http://wsjpoliticspolicy.cmail7.com/t/d-l-vurikud-drdyikhiii-jk/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                     Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                   chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546065007785924"  chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
4708  chrome.exe
4708  chrome.exe
5116  chrome.exe
5116  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid   Process
4708  chrome.exe
4708  chrome.exe
4708  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://wsjpoliticspolicy.cmail7.com/t/d-l-vurikud-drdyikhiii-jk/
PID: 4708
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9ca69758,0x7ffe9ca69768,0x7ffe9ca69778
  PID: 3796
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1864,i,14104509964985333388,10556940280286872866,131072 /prefetch:2
  PID: 4036
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1864,i,14104509964985333388,10556940280286872866,131072 /prefetch:8
  PID: 4536
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1864,i,14104509964985333388,10556940280286872866,131072 /prefetch:8
  PID: 3564
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1864,i,14104509964985333388,10556940280286872866,131072 /prefetch:1
  PID: 2576
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1864,i,14104509964985333388,10556940280286872866,131072 /prefetch:1
  PID: 1032
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4620 --field-trial-handle=1864,i,14104509964985333388,10556940280286872866,131072 /prefetch:1
  PID: 4700
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1864,i,14104509964985333388,10556940280286872866,131072 /prefetch:8
  PID: 4964
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1864,i,14104509964985333388,10556940280286872866,131072 /prefetch:8
  PID: 1444
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3828 --field-trial-handle=1864,i,14104509964985333388,10556940280286872866,131072 /prefetch:2
  PID: 5116
  - Suspicious behavior: EnumeratesProcesses
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID: 1916
Network
MITRE ATT&CK Enterprise v15
Downloads