Analysis
max time kernel: 1799s
max time network: 1685s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/03/2024, 17:48

Tasks
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://discord.gg/77jgNRQv
Resource: win10v2004-20240226-en

General
Target: https://discord.gg/77jgNRQv
Malware Config: (none)

Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
flow  ioc
21    discord.com
23    discord.com
Both flows go to discord.com, which is where the submitted discord.gg invite lands once Chrome opens it. The signature keys on the hosting service itself, not on any payload retrieved from it; nothing else in this report shows a file being fetched from Discord.
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                  Process
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559521412470156"  chrome.exe
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
S-1-5-19 is the LOCAL SERVICE hive, and TraceTimeLast is a Windows FILETIME (100 ns ticks since 1601); 133559521412470156 decodes to 2024-03-26, the day of this run, so the value is the TPM telemetry trace timestamp written during the analysis rather than persisted data.
Modifies registry class (1 IoC)
description  ioc                                                                                                                                                                                  Process
Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{586FCB5E-EEFE-41B0-AC5B-A193B383D9DC}  chrome.exe
The Processes section attributes this IoC to PID 2328, the video_capture.mojom.VideoCaptureService utility process.
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
4728  chrome.exe
4728  chrome.exe
1364  chrome.exe
1364  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid   Process
4728  chrome.exe
4728  chrome.exe
4728  chrome.exe
This signature fires when a process creates a child with the "block non-Microsoft binaries" mitigation policy set; Chrome applies that policy to its sandboxed helper processes, so the three hits on the browser process (4728) correspond to it spawning helpers.
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        4728  chrome.exe
Token: SeCreatePagefilePrivilege  4728  chrome.exe
(these two rows alternate for all 64 listed IoCs; every entry is the browser process, PID 4728)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
4728  chrome.exe
(26 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
4728  chrome.exe
(24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 4728 wrote to memory of 3544  4728  chrome.exe  87
PID 4728 wrote to memory of 216   4728  chrome.exe  90
PID 4728 wrote to memory of 5044  4728  chrome.exe  91
PID 4728 wrote to memory of 4988  4728  chrome.exe  92
(the 64 listed IoCs are repeats of these four rows: 3544 and 5044 appear twice each, 216 and 4988 account for the remainder)
All four targets are child processes of 4728 launched from the same chrome.exe image: 3544 is the crashpad handler, 216 the GPU process, 5044 the network service and 4988 the storage service (see Processes). A browser process writing startup data into helpers it has just spawned is how Chrome works; the signature would only be interesting if the target were a process running a different image.
Processes
Indentation shows tree depth: the report marks top-level processes with 1 and their children with 2. The flags on the top-level chrome.exe (updates and background networking disabled, URL passed via --single-argument) are the sandbox's own launch options for opening the submitted URL, not part of the sample.

chrome.exe  PID 4728  (top level)
  path: C:\Program Files\Google\Chrome\Application\chrome.exe
  cmd:  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://discord.gg/77jgNRQv
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  chrome.exe  PID 3544  (child of 4728; crashpad-handler)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe87b79758,0x7ffe87b79768,0x7ffe87b79778

  chrome.exe  PID 216  (child of 4728; gpu-process)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1964,i,9376985695524763891,17831678329173928357,131072 /prefetch:2

  chrome.exe  PID 5044  (child of 4728; utility: network.mojom.NetworkService)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1964,i,9376985695524763891,17831678329173928357,131072 /prefetch:8

  chrome.exe  PID 4988  (child of 4728; utility: storage.mojom.StorageService)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1964,i,9376985695524763891,17831678329173928357,131072 /prefetch:8

  chrome.exe  PID 5048  (child of 4728; renderer, client id 6, first renderer process)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1964,i,9376985695524763891,17831678329173928357,131072 /prefetch:1

  chrome.exe  PID 2224  (child of 4728; renderer, client id 5)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1964,i,9376985695524763891,17831678329173928357,131072 /prefetch:1

  chrome.exe  PID 3632  (child of 4728; renderer, client id 7)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4660 --field-trial-handle=1964,i,9376985695524763891,17831678329173928357,131072 /prefetch:1

  chrome.exe  PID 4460  (child of 4728; utility: audio.mojom.AudioService)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3448 --field-trial-handle=1964,i,9376985695524763891,17831678329173928357,131072 /prefetch:8

  chrome.exe  PID 2328  (child of 4728; utility: video_capture.mojom.VideoCaptureService)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1964,i,9376985695524763891,17831678329173928357,131072 /prefetch:8
    - Modifies registry class

  chrome.exe  PID 2364  (child of 4728; utility: chrome.mojom.ProcessorMetrics)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1964,i,9376985695524763891,17831678329173928357,131072 /prefetch:8

  chrome.exe  PID 4348  (child of 4728; utility: chrome.mojom.UtilWin)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1964,i,9376985695524763891,17831678329173928357,131072 /prefetch:8

  chrome.exe  PID 1364  (child of 4728; second gpu-process, GPU sandbox disabled, GL disabled)
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3628 --field-trial-handle=1964,i,9376985695524763891,17831678329173928357,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

elevation_service.exe  PID 1336  (top level)
  path: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  cmd:  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
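The WriteProcessMemory signature above is only worth an analyst's time if the target is not one of the writer's own helpers, which is the check the report leaves to the reader. The following is an added example, not tria.ge's code: it parses the IoC rows in the report's own column order, extracts the image path and Chromium role flags from each process's command line, and labels each write edge. Command lines are abridged from this report's Processes section; PID 9999 (explorer.exe), the last IoC row and its procid_target 93 are constructed to show the cross-image case and are not in the report.

```python
"""Correlate 'Suspicious use of WriteProcessMemory' IoCs with the process list.
Chrome's browser process writes startup data into every helper it launches from
its own image, so those edges are expected; a write into a process running a
different image is the case to look at. Added example, not tria.ge's code."""
import re
from collections import Counter

# pid -> command line, abridged from the report. PID 9999 is constructed.
PROCESSES = {
    4728: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --single-argument https://discord.gg/77jgNRQv',
    3544: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data"',
    216: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --mojo-platform-channel-handle=1704',
    5044: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none',
    4988: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility',
    1336: r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"',
    9999: r'C:\Windows\explorer.exe',  # constructed foreign target, not in the report
}

# IoC rows in the report's column order: description, pid, Process, procid_target.
# The final row (target 9999) is constructed.
WPM_IOCS = """
PID 4728 wrote to memory of 3544 4728 chrome.exe 87
PID 4728 wrote to memory of 3544 4728 chrome.exe 87
PID 4728 wrote to memory of 216 4728 chrome.exe 90
PID 4728 wrote to memory of 216 4728 chrome.exe 90
PID 4728 wrote to memory of 5044 4728 chrome.exe 91
PID 4728 wrote to memory of 4988 4728 chrome.exe 92
PID 4728 wrote to memory of 9999 4728 chrome.exe 93
"""

# \1 insists that the 'pid' column repeats the writer named in the description.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)$")
IMAGE_RE = re.compile(r'\s*(?:"([^"]+)"|(\S+))')  # quoted or bare first token


def parse_cmdline(cmd):
    """Image path plus the Chromium role flags that identify a helper process."""
    m = IMAGE_RE.match(cmd)
    image = (m.group(1) or m.group(2)).lower()
    role = re.search(r"--type=(\S+)", cmd)            # absent on the browser process
    sub = re.search(r"--utility-sub-type=(\S+)", cmd)  # only on --type=utility
    return {
        "image": image,
        "basename": image.rsplit("\\", 1)[-1],
        "type": role.group(1) if role else "main",
        "subtype": sub.group(1) if sub else None,
    }


def parse_wpm(text):
    """(writer pid, target pid) -> number of IoC rows, from the flattened table."""
    edges = Counter()
    for line in text.strip().splitlines():
        m = WPM_RE.match(line.strip())
        if m:
            edges[(int(m.group(1)), int(m.group(2)))] += 1
    return edges


def classify_writes(edges, processes):
    """Label each edge: a helper launched from the writer's own image (it carries a
    --type= role) is expected; anything else, including an unknown pid, is flagged."""
    out = {}
    for (src, dst), count in edges.items():
        s = parse_cmdline(processes.get(src, "<unknown>"))
        d = parse_cmdline(processes.get(dst, "<unknown>"))
        if d["image"] == s["image"] and d["type"] != "main":
            verdict, target = "same-image helper", d["subtype"] or d["type"]
        else:
            verdict, target = "cross-image write: review", d["basename"]
        out[(src, dst)] = {"count": count, "target": target, "verdict": verdict}
    return out


if __name__ == "__main__":
    results = classify_writes(parse_wpm(WPM_IOCS), PROCESSES)
    for (src, dst), info in sorted(results.items()):
        print(f"{src} -> {dst:<5} x{info['count']}  {info['target']:<32} {info['verdict']}")
```

Run against the report's four real edges the output is four "same-image helper" rows naming the crashpad handler, GPU process, network service and storage service; only the constructed explorer.exe edge comes back flagged. Lowercasing the image path before comparison matters on Windows, where the same binary can appear with different casing in different tools' output.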
TTPs are mapped against MITRE ATT&CK Enterprise v15.
Downloads
One block per dropped or cached file: size, then MD5, SHA1, SHA256 and SHA512 of the same content.

File 1
Filesize: 2KB
MD5:    f4bb7fa09535509767c6fbe72dc0e1c6
SHA1:   1c2a10f2e7dc8b6802b3b3aa1407a6e9291f46af
SHA256: fa925468db23d47e8ef16ef334bfdb630dfe63bc418975826bc4e8d04ebc9626
SHA512: 03b90f5dbb2c15d268aae74071138bae99bdc654143b1104b7d2bfa5c3e5ea46fb66788de59ff6564bec9d8682c51af92258808632ab378cba49dba4d12fae53

File 2
Filesize: 2KB
MD5:    b89af4d6ddc657305674920b74d39544
SHA1:   25fd020481127d21cd16f132fc5f3016eb821fb2
SHA256: 9a1028d9a81e175bed566645617f25d73e3408aa01320e4ee8025e8b692d1b15
SHA512: ac9b7d33e84accf5c2ec381916392d908d0b6cc9a510c8323f09a5dc514700fb07cd5af40a41a12653e80b3e67bffcf811fb0add9745d7d34112f0e585730899

File 3
Filesize: 1KB
MD5:    e0e04e05e2719d92318770159d7452d4
SHA1:   0548bbb78dcc43006e7b5cff1f4d1b8cde838f0f
SHA256: 761986a9c3a189917b1d3003f7ac90283f07efe8709a716363826a88e4d26a36
SHA512: da3aa0f6929d7e109c6d04055876440ff98ed2b2999ed6165c26ddb67c87bbb57fc941bd0d483ccd0e1817b941771d5b020f5bae0cea400e59a11aa31457f399

File 4
Filesize: 705B
MD5:    be62111b98fd3b331555582df43f8706
SHA1:   5b4fa1ee8ced64ce27b9f788cfe7d6cc299906d5
SHA256: 4ce725bd31a987d075d81f8f87b9b0deca68dc2bb705a97a682f0bbc79414841
SHA512: fabd01b2457af8325377bcfdbf6c96b4d75db4ee25f36826765860c75cae57bafd68db5de970825f802702894e164fa7affe7882adb85f99df71781fa33a1660

File 5
Filesize: 705B
MD5:    17488b97311f407b164147a1a004c45c
SHA1:   e537ea99df0e0e7161440e66928a427c9f483e6c
SHA256: 3b6810cbf3de69676d26dc5dc8bd5258ded3448b42ea412195235356081798e1
SHA512: de65cb6bf44bd24c6615b8e32aef1e3c5ab56fbadc8233aaac0ea1293e584928aa025a0711e0d8a1cf699a8a2b84f93c8af95588405885872e02a9dd4f02e650

File 6
Filesize: 6KB
MD5:    8dc2b5a112b894e3965c30951ad8603a
SHA1:   4278186ccdae8f412fed0a3c678fc32f3a65706e
SHA256: a2c4fe1f378133c5dc03dfbcddb02f9fa7a07b558a289af87a34ec4b9a511f5d
SHA512: 7c7cf58ff048d12afc42380b96a91ecb9f7aa7c6761907832a62a9a99d387c3fd19c7f49c84dec013e5654127c0bb17ef5e537b534ce51eb3190e584cfc40f8b

File 7
Filesize: 128KB
MD5:    b188657a54172bf2aff2ce16a3aea827
SHA1:   bb8719dbfbbf3cf55bf11c44225f39f1ccdfcc11
SHA256: cc64718cb52723968d454cf3e14d2ffc492b62e5f5afeb61a89fa2362bbf03bf
SHA512: 43ac7ed847f7f9625decf7dcd3df93ad265cfcd5dce41a454dc7b1ec18df3f4fd3973ea1f46ebb24fbd3b99adcebcca5dd8d73630af1733fc03c2da9c1c56699

File 8
Filesize: 2B
MD5:    99914b932bd37a50b983c5e7c90ae93b
SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
These are the digests of the two-byte string {} (an empty JSON object), so this entry is an empty JSON response or store rather than a downloaded binary.
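When a hash block like the ones above is copied into a ticket or a blocklist, the fused "MD5<hex>" rendering is easy to mis-split, and a single matching digest says little on its own. The following is an added example, not tria.ge's code: it parses an entry in the report's rendering (digest name fused to the hex, size on the line after "Filesize"), validates each digest's length, and checks a candidate file against every digest and the size together. REPORT_ENTRY is the report's File 8; the candidate b"{}" is the editor's reading of a 2-byte file, which the check confirms.

```python
"""Parse a 'Downloads' hash block as rendered by the report and verify a
candidate file against all of its digests at once. Added example, not
tria.ge's code; REPORT_ENTRY is transcribed from the report's last entry."""
import hashlib
import re

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Longer names first so 'SHA1' can never swallow the start of 'SHA256'/'SHA512'.
DIGEST_RE = re.compile(r"^(SHA512|SHA256|SHA1|MD5)([0-9a-fA-F]+)$")
SIZE_RE = re.compile(r"^(\d+)(B|KB|MB)$")

# Transcribed from the report (File 8, 2 bytes).
REPORT_ENTRY = """
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
"""


def parse_size(text):
    """'2B' -> 2. KB/MB values are rounded in the report, so only 'B' is exact."""
    m = SIZE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * {"B": 1, "KB": 1024, "MB": 1024 ** 2}[m.group(2)]


def parse_entry(text):
    """Return {'size': int, 'MD5': hex, 'SHA1': hex, ...} for one hash block."""
    entry = {}
    lines = [line.strip() for line in text.strip().splitlines()]
    for i, line in enumerate(lines):
        if line == "Filesize" and i + 1 < len(lines):
            entry["size"] = parse_size(lines[i + 1])
            continue
        m = DIGEST_RE.match(line)
        if m:
            name, hexd = m.group(1), m.group(2).lower()
            if len(hexd) != DIGEST_LEN[name]:  # catches a mis-split label/hex boundary
                raise ValueError(f"{name}: {len(hexd)} hex chars, expected {DIGEST_LEN[name]}")
            entry[name] = hexd
    return entry


def digests(data):
    """All four digests of the candidate bytes, keyed like the report."""
    return {name: hashlib.new(name.lower(), data).hexdigest() for name in DIGEST_LEN}


def verify(data, entry):
    """Per-field match of a candidate against the report entry. Anything short of
    all-True means the wrong file or a transcription error; one matching digest
    on its own is not evidence."""
    actual = digests(data)
    result = {name: actual[name] == entry[name] for name in DIGEST_LEN if name in entry}
    if "size" in entry:
        result["size"] = entry["size"] == len(data)
    return result


if __name__ == "__main__":
    entry = parse_entry(REPORT_ENTRY)
    print(verify(b"{}", entry))    # every field True: the file is an empty JSON object
    print(verify(b"{}\n", entry))  # trailing newline: size and all digests False
```

The size check is deliberately part of the verdict: it is the one field a copy-paste error in a digest cannot fake, and it rejects near-misses such as the same content with a trailing newline before any hash is compared.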