Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
12/03/2024, 08:12
240312-j3w47acd4t 8
12/03/2024, 07:57
240312-jtdw9aea76 8
12/03/2024, 07:56
240312-js35raea72 8
12/03/2024, 07:51
240312-jp9s5aca5t 8
Analysis
max time kernel: 599s
max time network: 591s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/03/2024, 07:56
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://bafybeihog4kdcv6u7qpf5mt3zirrdjmanxqsehbx5xxarsugpzzybnhzr4.ipfs.cf-ipfs.com/don.html#[email protected]
Resource: win10v2004-20240226-en
General
Target: https://bafybeihog4kdcv6u7qpf5mt3zirrdjmanxqsehbx5xxarsugpzzybnhzr4.ipfs.cf-ipfs.com/don.html#[email protected]
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description / ioc / Process
- Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName / chrome.exe
- Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer / chrome.exe
- Key opened / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS / chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description / ioc / Process
- Key created / \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry / chrome.exe
- Set value (int) / \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547076007827036" / chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid / Process
- 3944 / chrome.exe
- 3944 / chrome.exe
- 1748 / chrome.exe
- 1748 / chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid / Process
- 3944 / chrome.exe
- 3944 / chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3944)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bafybeihog4kdcv6u7qpf5mt3zirrdjmanxqsehbx5xxarsugpzzybnhzr4.ipfs.cf-ipfs.com/don.html#[email protected]
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3124)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd532d9758,0x7ffd532d9768,0x7ffd532d9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2608)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1888,i,9874619884065127235,1227758756337668691,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1644)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1888,i,9874619884065127235,1227758756337668691,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4472)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1888,i,9874619884065127235,1227758756337668691,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4316)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1888,i,9874619884065127235,1227758756337668691,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1888)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1888,i,9874619884065127235,1227758756337668691,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 920)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1888,i,9874619884065127235,1227758756337668691,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4816)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 --field-trial-handle=1888,i,9874619884065127235,1227758756337668691,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1748)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5212 --field-trial-handle=1888,i,9874619884065127235,1227758756337668691,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4348)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads