Analysis
max time kernel: 209s
max time network: 203s
platform: windows10-2004_x64
resource: win10v2004-20240226-es
resource tags: arch:x64 arch:x86 image:win10v2004-20240226-es locale:es-es os:windows10-2004-x64 system windows
submitted: 26/03/2024, 17:08
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://livechat.pencil-machine.com
Resource: win10v2004-20240226-es
General
Target: http://livechat.pencil-machine.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559465028280378" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | process
5032 | chrome.exe
5032 | chrome.exe
4760 | chrome.exe
4760 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
pid | process
5032 | chrome.exe
5032 | chrome.exe
5032 | chrome.exe
5032 | chrome.exe
5032 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://livechat.pencil-machine.com
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 5032
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa1ec9758,0x7fffa1ec9768,0x7fffa1ec9778
  PID: 3836
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1912,i,4201987239371360730,1269701206261294980,131072 /prefetch:2
  PID: 4960
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1912,i,4201987239371360730,1269701206261294980,131072 /prefetch:8
  PID: 2944
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1912,i,4201987239371360730,1269701206261294980,131072 /prefetch:8
  PID: 2620
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1912,i,4201987239371360730,1269701206261294980,131072 /prefetch:1
  PID: 4380
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1912,i,4201987239371360730,1269701206261294980,131072 /prefetch:1
  PID: 4284
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4632 --field-trial-handle=1912,i,4201987239371360730,1269701206261294980,131072 /prefetch:1
  PID: 2868
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1912,i,4201987239371360730,1269701206261294980,131072 /prefetch:8
  PID: 1556
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1912,i,4201987239371360730,1269701206261294980,131072 /prefetch:8
  PID: 3060
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2656 --field-trial-handle=1912,i,4201987239371360730,1269701206261294980,131072 /prefetch:8
  PID: 2704
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3932 --field-trial-handle=1912,i,4201987239371360730,1269701206261294980,131072 /prefetch:1
  PID: 2808
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4924 --field-trial-handle=1912,i,4201987239371360730,1269701206261294980,131072 /prefetch:1
  PID: 4512
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 --field-trial-handle=1912,i,4201987239371360730,1269701206261294980,131072 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID: 4760
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID: 1840
Network
MITRE ATT&CK Enterprise v15
Downloads