Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/03/2024, 05:41
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://go.microsoft.com/fwlink/p/?linkid=857875
Resource: win10v2004-20240226-en
General
Target: https://go.microsoft.com/fwlink/p/?linkid=857875
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description       | ioc                                                                  | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description     | ioc                                                                                                      | Process
Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546957170225358" | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid  | Process
4800 | chrome.exe
4800 | chrome.exe
5372 | chrome.exe
5372 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid  | Process
4800 | chrome.exe
4800 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                      | pid  | Process    | count
Token: SeShutdownPrivilege       | 4800 | chrome.exe | 32
Token: SeCreatePagefilePrivilege | 4800 | chrome.exe | 32
(the 64 entries alternate between the two tokens, all from PID 4800)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid  | Process    | count
4800 | chrome.exe | 26

Suspicious use of SendNotifyMessage (24 IoCs)
pid  | Process    | count
4800 | chrome.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description                      | pid  | Process    | procid_target
PID 4800 wrote to memory of 4044 | 4800 | chrome.exe | 89
PID 4800 wrote to memory of 3364 | 4800 | chrome.exe | 92
PID 4800 wrote to memory of 4600 | 4800 | chrome.exe | 93
PID 4800 wrote to memory of 2904 | 4800 | chrome.exe | 94
(64 entries in total: 2 writes to PID 4044, 2 to PID 4600, and the remainder repeated writes to PIDs 3364 and 2904)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4800)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://go.microsoft.com/fwlink/p/?linkid=857875
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4044)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f4479758,0x7ff8f4479768,0x7ff8f4479778
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3364)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1816,i,2406445498586947872,18153389012724012783,131072 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4600)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1816,i,2406445498586947872,18153389012724012783,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2904)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1816,i,2406445498586947872,18153389012724012783,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2692)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1816,i,2406445498586947872,18153389012724012783,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1444)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1816,i,2406445498586947872,18153389012724012783,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2856)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1816,i,2406445498586947872,18153389012724012783,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1604)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1816,i,2406445498586947872,18153389012724012783,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5372)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3648 --field-trial-handle=1816,i,2406445498586947872,18153389012724012783,131072 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4404)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads