Resubmissions
- 04/04/2024, 21:41: 240404-1j7j9abg73 (1 analysis)

- max time kernel: 151s
- max time network: 153s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 04/04/2024, 21:41
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: http://r.email.myghs.com/mk/cl/f/sh/WCPzyXJTZ6uvfEsKVOOG2eal12alYk8g/gxJRyhzGC2Lh
- Resource: win10-20240404-en

General
- Target: http://r.email.myghs.com/mk/cl/f/sh/WCPzyXJTZ6uvfEsKVOOG2eal12alYk8g/gxJRyhzGC2Lh
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description       | ioc                                                                    | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | chrome.exe

Modifies data under HKEY_USERS (1 IoC)
description | ioc                                                                   | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid  | Process    | entries
4916 | chrome.exe | 2
4768 | chrome.exe | 2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid  | Process    | entries
4916 | chrome.exe | 4

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                      | pid  | Process    | entries
Token: SeShutdownPrivilege       | 4916 | chrome.exe | 32
Token: SeCreatePagefilePrivilege | 4916 | chrome.exe | 32
(the 64 entries alternate between the two tokens, starting with SeShutdownPrivilege)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid  | Process    | entries
4916 | chrome.exe | 26

Suspicious use of SendNotifyMessage (24 IoCs)
pid  | Process    | entries
4916 | chrome.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description                      | pid  | Process    | procid_target | entries
PID 4916 wrote to memory of 4064 | 4916 | chrome.exe | 72            | 2
PID 4916 wrote to memory of 3096 | 4916 | chrome.exe | 74            | repeated
PID 4916 wrote to memory of 3764 | 4916 | chrome.exe | 75            | 2
PID 4916 wrote to memory of 192  | 4916 | chrome.exe | 76            | repeated
(the 3096 and 192 rows together account for the remaining 60 entries)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4916)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://r.email.myghs.com/mk/cl/f/sh/WCPzyXJTZ6uvfEsKVOOG2eal12alYk8g/gxJRyhzGC2Lh
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4064)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffed3ce9758,0x7ffed3ce9768,0x7ffed3ce9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3096)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1840,i,15985735845144282444,5183310867079322495,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3764)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1840,i,15985735845144282444,5183310867079322495,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 192)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1840,i,15985735845144282444,5183310867079322495,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3464)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2680 --field-trial-handle=1840,i,15985735845144282444,5183310867079322495,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2672)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2804 --field-trial-handle=1840,i,15985735845144282444,5183310867079322495,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4360)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3844 --field-trial-handle=1840,i,15985735845144282444,5183310867079322495,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4936)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4008 --field-trial-handle=1840,i,15985735845144282444,5183310867079322495,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2952)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2860 --field-trial-handle=1840,i,15985735845144282444,5183310867079322495,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4244)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1840,i,15985735845144282444,5183310867079322495,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4768)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2740 --field-trial-handle=1840,i,15985735845144282444,5183310867079322495,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 3520)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 456B
  MD5: b92b0b24891b5ef18a406f505c3235fc
  SHA1: d8af35d36fcfaea9e7b90e87433c6396799b500d
  SHA256: c885fe6efa5d82d0ac3e14ca79e6c43075987bee1e0f8a6e06e63b26c23a7ba4
  SHA512: 2c051a9c34a04c96e47856697b7b970d4bfa01a8195e38913519032c1e87b0214157db8764f83bd5e89ce1789e00c18fd6e59d60208e542a97f0f362812b9425
- Filesize: 3KB
  MD5: 777b3f1fd958084246a0622014a911b5
  SHA1: 3672aaeb96c75b9b9a4bc67ea2adec3eb2f19807
  SHA256: 35134fdd2fc9b908b503c260563c1c98d31b7e167cbfdf2fb67674df553fc5a9
  SHA512: 6748459b3e581a3c9fa1f1b218fcb118d3aecb08c1aec56efc2456cce15477cff3df5ec2fc472b56bd8b2cdfd0ec32cb328947b0add83f352326ee38580d165e
- Filesize: 1KB
  MD5: 42adac8b3f1fdf01a031429db950cf7f
  SHA1: 897bb74fb53b4b9faa6b287acde0a97025959a84
  SHA256: 97dd5ececf91ffac250c0a2c2373de5448d9f26705817092eb410d773ea1842c
  SHA512: 8b08a8dc5ecb55b704f6d465c6cbd6585081b3ecb5a524337a4658f977b64dea0cd7d4803af7a65ae2d530cd113cd7a917ca1cbd84c2aa2d3194bcf985f5079c
- Filesize: 1KB
  MD5: 5ca2dba5f350d6d92ca800cb7bc344d9
  SHA1: c0df027b052540bf3bd0986169b495b4e94e14fb
  SHA256: 7ced7a23afaf2c8f7d4f2649fe6844fc0b36857b154e803bbecb0967d3c32a86
  SHA512: 3cc9556376120572ef81393061a752e91f902e76d3792a40a534819f7d699a247a4cc404ffa90f5a88aab9325e20cf0ec366ba9a1f4055d206a0174e25f8b987
- Filesize: 1KB
  MD5: a3f39c6d5ccac90f9d6689c3d87f5b5a
  SHA1: a11cfc56ae35d679c170c87120337fd3b1177bb2
  SHA256: 513f67b4a4521258088a757169092713bc31080434a7e9a798c94a74a7d118f2
  SHA512: 495a5dc4b30748a2f5f973a4a4517fad50ac5e5a1a73b0e18c0e1450b1dbb1fd86404d079425ceb001450a6e7839d6e9237c74b5ed2e269630753303dc6d57a2
- Filesize: 6KB
  MD5: df46cb409fbf018149ecd7222fa4a460
  SHA1: 3bc5c39b3ace7e63e6cd8b09650d3ca9f3ffe0b8
  SHA256: c669ab0e0c3ee52c958bb998c04ce0eaf33e6c42d1367049a43c8926510ef9db
  SHA512: bbe5cd394078d42a9a85f271439b291477ed1a740967eb00d80dd9bd4cb4712afdddf63dba158eefb23d39a66ff9c3da3ce5f64d6188476ad4ce5cce63ba1b4b
- Filesize: 6KB
  MD5: 4c8fb4860baf045a0d1ad337821bc66a
  SHA1: 80711040662ec52017b3f21d08c87d02db32fe9c
  SHA256: ed61a606d015b68b9507f025bacb9249b53b3b279eacbf58ad154726d27b2a75
  SHA512: ad9213b19a8c8e55b118933fff502c95eb5ca408ddcd5a4cec908c606ea9b1ca57e29a3eeb56110f6d96d021d1958ef0e139dfebcf4bdddca337fdc8312b5025
- Filesize: 6KB
  MD5: 5906a8a5bf0e3b609d7f10ecd9073fe6
  SHA1: d5aff9cac9f40b8c8d4c1f6fb17b9c8b99e7b733
  SHA256: 6bb24a9aaa7a80098e0b8c1311371476f766696803c9af88cb7a423f56dc0acc
  SHA512: e892629b2cfee5b69b49f6e381e98b4d8064b7029762a2127064cfd53c66d5bc8640211cfad5a90cc9ea25d67b02a11cb35d7b6e6776c2d9a9c1fae56a0a9e34
- Filesize: 136KB
  MD5: 58a6e4339738d4f6a3b9a97f3130e75e
  SHA1: 23197c5d03cbbd7754b50a3e62742b96f3cc271a
  SHA256: 752bac5ebdc6c152204c10f564b1d3f0ab64c2d9ff4c3fef0c71ffd45e3b5e89
  SHA512: 5866ec812242b58c299ce45a5f8e03df6b6566a4826b6b1819f3fc4703a6ded9676ff4f89045a3d534c32e2f299e117eae35c6ab340eb590890dc112c4ec6735
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd