Analysis

max time kernel:  152s
max time network: 152s
platform:         windows10-2004_x64
resource:         win10v2004-20240226-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted:        12/03/2024, 22:48
Tasks

Static task:     static1
URLScan task:    urlscan1
Behavioral task: behavioral1
Sample:          https://mallasysogas.com/close/cloth/move.php
Resource:        win10v2004-20240226-en

General

Target:         https://mallasysogas.com/close/cloth/move.php
Malware Config: none listed
Signatures

Every IoC below is attributed to chrome.exe, the browser the sandbox itself launched to open the target URL (see the top-level command line under Processes); no other process appears in any signature.

Enumerates system info in registry  (2 TTPs, 3 IoCs)
  description        ioc                                                                   process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe

Modifies data under HKEY_USERS  (2 IoCs)
  description      ioc                                                                                                  process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547573344970030"  chrome.exe

Suspicious behavior: EnumeratesProcesses  (4 IoCs)
  pid   process
  4908  chrome.exe  (2 hits)
  5748  chrome.exe  (2 hits)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary  (2 IoCs)
  pid   process
  4908  chrome.exe  (2 hits)

Suspicious use of AdjustPrivilegeToken  (64 IoCs)
  pid   process     description
  4908  chrome.exe  Token: SeShutdownPrivilege (32 hits) and Token: SeCreatePagefilePrivilege (32 hits), strictly alternating

Suspicious use of FindShellTrayWindow  (26 IoCs)
  pid   process
  4908  chrome.exe  (26 hits)

Suspicious use of SendNotifyMessage  (24 IoCs)
  pid   process
  4908  chrome.exe  (24 hits)

Suspicious use of WriteProcessMemory  (64 IoCs)
  All 64 writes are by PID 4908 chrome.exe into four of its own child processes (see Processes):
  target pid  procid_target  hits
  3428        94             2
  3512        96             the remaining 60, shared with 1240
  4924        97             2
  1240        98             the remaining 60, shared with 3512
Processes

PID 4908  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mallasysogas.com/close/cloth/move.php
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Children of PID 4908:

  PID 3428  chrome.exe  --type=crashpad-handler
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3e4b9758,0x7ffc3e4b9768,0x7ffc3e4b9778

  PID 3512  chrome.exe  --type=gpu-process
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:2

  PID 4924  chrome.exe  --type=utility (network.mojom.NetworkService)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:8

  PID 1240  chrome.exe  --type=utility (storage.mojom.StorageService)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:8

  PID 2040  chrome.exe  --type=renderer (first renderer process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:1

  PID 2212  chrome.exe  --type=renderer
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3256 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:1

  PID 5088  chrome.exe  --type=utility (chrome.mojom.ProcessorMetrics)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:8

  PID 500   chrome.exe  --type=utility (chrome.mojom.UtilWin)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:8

  PID 5748  chrome.exe  --type=gpu-process (second GPU process, started with --disable-gpu-sandbox --use-gl=disabled)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3540 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

PID 1100  C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

PID 5784  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3536 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
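The "Suspicious use of WriteProcessMemory" signature above fires 64 times, but every entry has the same writer (PID 4908, the chrome.exe the sandbox launched with the URL) and only four distinct targets, and the process tree shows those four PIDs as its own freshly spawned children. That is what Chrome's multi-process start-up looks like on any run; the case that would matter is a write into a process the writer did not spawn. The Python below is an added example, not part of the Triage report or its tooling: it parses an excerpt of the signature text, collapses the repeats per target, and checks each target against a process table keyed by hand from the tree above. `PROCESS_TREE`, `WRITE_PROCESS_MEMORY_IOCS`, `classify_writes` and `suspicious_targets` are names chosen for the example, and the IoC excerpt is a constructed subset of the page's 64 entries.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Process table constructed from the process tree on this page: PID -> parent PID,
# image name and the --type / --utility-sub-type each process was started with.
# Example data keyed by hand from the report, not Triage's own structure.
PROCESS_TREE = {
    4908: {"parent": None, "image": "chrome.exe", "type": "browser"},
    3428: {"parent": 4908, "image": "chrome.exe", "type": "crashpad-handler"},
    3512: {"parent": 4908, "image": "chrome.exe", "type": "gpu-process"},
    4924: {"parent": 4908, "image": "chrome.exe", "type": "utility:network.mojom.NetworkService"},
    1240: {"parent": 4908, "image": "chrome.exe", "type": "utility:storage.mojom.StorageService"},
    2040: {"parent": 4908, "image": "chrome.exe", "type": "renderer"},
    2212: {"parent": 4908, "image": "chrome.exe", "type": "renderer"},
    5088: {"parent": 4908, "image": "chrome.exe", "type": "utility:chrome.mojom.ProcessorMetrics"},
    500:  {"parent": 4908, "image": "chrome.exe", "type": "utility:chrome.mojom.UtilWin"},
    5748: {"parent": 4908, "image": "chrome.exe", "type": "gpu-process"},
    1100: {"parent": None, "image": "elevation_service.exe", "type": "service"},
    5784: {"parent": None, "image": "msedge.exe", "type": "utility:asset_store.mojom.AssetStoreService"},
}

# Constructed excerpt of the signature's IoC text (the report repeats these
# four targets 64 times in total; the wording per entry is copied from it).
WRITE_PROCESS_MEMORY_IOCS = (
    "PID 4908 wrote to memory of 3428 4908 chrome.exe 94 "
    "PID 4908 wrote to memory of 3428 4908 chrome.exe 94 "
    "PID 4908 wrote to memory of 3512 4908 chrome.exe 96 "
    "PID 4908 wrote to memory of 3512 4908 chrome.exe 96 "
    "PID 4908 wrote to memory of 3512 4908 chrome.exe 96 "
    "PID 4908 wrote to memory of 4924 4908 chrome.exe 97 "
    "PID 4908 wrote to memory of 1240 4908 chrome.exe 98 "
)

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def parse_writes(text: str) -> list[tuple[int, int]]:
    """One (writer_pid, target_pid) pair per IoC in the signature text."""
    return [(int(src), int(dst)) for src, dst in WRITE_RE.findall(text)]


def classify_writes(writes, tree) -> dict:
    """Collapse repeated IoCs per target and look each target up in the tree.

    Returns {target_pid: {"writers": set, "count": int, "type": str, "own_child": bool}}.
    own_child is True only when every writer is the target's direct parent;
    a browser process writing into children it just spawned is normal
    start-up, a write anywhere else is what deserves a second look.
    """
    out = defaultdict(lambda: {"writers": set(), "count": 0})
    for src, dst in writes:
        out[dst]["writers"].add(src)
        out[dst]["count"] += 1
    for dst, rec in out.items():
        info = tree.get(dst)
        rec["type"] = info["type"] if info else "unknown (not in process tree)"
        rec["own_child"] = info is not None and rec["writers"] == {info["parent"]}
    return dict(out)


def suspicious_targets(classified) -> list[int]:
    """Targets written to by something other than their own parent (or unknown PIDs)."""
    return sorted(pid for pid, rec in classified.items() if not rec["own_child"])


if __name__ == "__main__":
    result = classify_writes(parse_writes(WRITE_PROCESS_MEMORY_IOCS), PROCESS_TREE)
    for pid, rec in sorted(result.items()):
        print(f"{pid:>5}  {rec['type']:<45} writes={rec['count']}  own_child={rec['own_child']}")
    print("needs a second look:", suspicious_targets(result) or "none")
```

On this report the function returns an empty list of suspicious targets; feeding it a constructed write from 4908 into PID 1100 (elevation_service.exe, which 4908 did not spawn) or into a PID absent from the tree flags that target, which is the signal a 64-hit count on its own does not give.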
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1  (72B)
  MD5     bea1539fc6c2b02367e3db9e44774824
  SHA1    905868fa5e0d52732bbef095ba7a7674ae7cf28d
  SHA256  260246b3084f142c62b65d92b9a71ff8c834989a434e184b62653e23cd5dd158
  SHA512  3914f2ea983812d6d50a6bf5424b1e19d90d2a306aca143c5bd520e56234b59a84a9368d5329bc1501133281cc2617488bb8cd8ac06254189dc571c486c49118

File 2  (1KB)
  MD5     2200101504f58165921956eea0864215
  SHA1    2d0c220e5088b766af5130ce4bcf5f2f4f3bf560
  SHA256  cb2132085aa8d60d9d3f4dd0c6156a73f9678d74169336518da32661add39445
  SHA512  6f9b893ed73dead07a54d6b9a540229fd4b685a7ec946bf3664a5de07614d14f6780b3645b6c0833a831231833741444ff7c55ea780a6fc1d4078292ad5e1181

File 3  (5KB)
  MD5     385e3c68a71aac52306e79d590b365b6
  SHA1    d6968feeb362caa287aabc0aae50e7c7f79f0fbc
  SHA256  a335f4a67ac52ae923eb32d8508ccf4c20728e3db091c5ae4858f35fba1e6d8a
  SHA512  817221402022925d76a8abe39666c868e8910002acd3875a24f1ae7ddc60846a98bc5d01a3431ad9fe72465854c32df4d15f8e2a7d0fbc9cfce8f6e797049021

File 4  (5KB)
  MD5     2a9272ae93423ce63aacd4a74a786ebe
  SHA1    68a3badf1f7157e09f887e4e0bc7ede9a56ec403
  SHA256  16b2c873d21a6be8ac9c51a69ede1a0d85a773854689d513018e024a6ee5c7b0
  SHA512  6be007ad3c048cf72b97f40072c75c872b60463a7bbf82e5c2466505e49534f4ab4fbc71ff280c6b39ec95f7c8e86c86ddb93bdccf2214eeac4f2337b94310ba

File 5  (6KB)
  MD5     3157ede7ad825ba9a517bb1b78e453ae
  SHA1    a8eb6ba5518fe561cbb368e5662e1617e0816e6a
  SHA256  d4026527727842352c149008e68160619c56d6639b1daf80f394fda12e3ba375
  SHA512  28f9a840173eacacc3b045eeb2c7716bd55e9ee90a8c8bd2294dac91ae60a0e55869a8885b62f3b1d892ad96b0a41a700de726ade69386df3954811971199c18

File 6  (128KB)
  MD5     e92c04483f0407e4d13d046c65e13e24
  SHA1    0bfdd8eb15ff646e92488351530671218c8faaf4
  SHA256  32f4d279db81ffb3f69c20bbb6498f4b42e191201eccd6d3efbc7b66146c520e
  SHA512  6daa58f90784f17d85118d8c0cac345431fe0e738bf23cdd730313a0c6e09bd23bb4a0d271d438e6b77fac54a2d5804d247a3ccc75454331dd859d93686d2450

File 7  (2B)
  MD5     99914b932bd37a50b983c5e7c90ae93b
  SHA1    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
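The Downloads list gives size and digests only, with no path, so the table alone does not say whether a file came from the visited page or is the browser writing to its own profile. For a tiny file the cheapest check is to recompute the digests of the obvious candidate contents and compare them with the report. The 2-byte entry is a clean case: its MD5 (99914b93...) and SHA256 (44136fa3...) are the well-known digests of `{}`, an empty JSON object. The Python below, an added example that is not part of the Triage report, confirms that by recomputing all four algorithms for a handful of candidate 2-byte contents; a 2-byte `{}` is consistent with a browser writing an empty JSON settings file, which the missing path neither confirms nor rules out. `REPORTED_2B`, `CANDIDATES`, `compare` and `identify` are names chosen for the example, and the candidate list is constructed.

```python
import hashlib

# Digests of the 2-byte entry in the Downloads list, copied from the report above.
REPORTED_2B = {
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9"
              "a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
}

# Constructed candidate contents for a 2-byte file a browser might write on its own.
CANDIDATES = {
    "empty JSON object": b"{}",
    "empty JSON array": b"[]",
    "CRLF": b"\r\n",
    "UTF-16LE BOM": b"\xff\xfe",
}

# The same four algorithms the report lists for every file.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Hex digests of data under each reported algorithm."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGORITHMS}


def compare(reported: dict, data: bytes) -> dict:
    """Per-algorithm agreement between the reported digests and those of data."""
    computed = digests(data)
    return {algo: computed[algo] == value.lower() for algo, value in reported.items()}


def identify(reported: dict, candidates: dict, size: int):
    """Label of the candidate whose length and every reported digest match, else None.

    The length check comes first: a candidate of the wrong size cannot match
    and on a long list it saves hashing. A candidate that agrees on some
    algorithms but not others is deliberately not an identification: either
    the candidate is wrong or a digest was transcribed badly, and both
    deserve a look rather than a label.
    """
    for label, data in candidates.items():
        if len(data) != size:
            continue
        if all(compare(reported, data).values()):
            return label
    return None


if __name__ == "__main__":
    print("match by algorithm for b'{}':", compare(REPORTED_2B, b"{}"))
    print("2B download identified as:", identify(REPORTED_2B, CANDIDATES, size=2))
```

The same routine applies to the other six entries once a candidate is available (an empty-profile copy of the same Chrome build is the usual source); without one, the digests remain lookup keys for a file reputation service rather than an identification.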