Analysis
  max time kernel:  300s
  max time network: 302s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240226-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        05/04/2024, 16:22
Tasks
  Static task:     static1
  URLScan task:    urlscan1
  Behavioral task: behavioral1
    Sample:   http://89.208.106.112
    Resource: win10v2004-20240226-en
General
  Target: http://89.208.106.112
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                      process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                   process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133568077769922551"  chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   process
  5112  chrome.exe  (2 entries)
  5900  chrome.exe  (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   process
  5112  chrome.exe  (2 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                          pid   process
  Token: SeShutdownPrivilege           5112  chrome.exe
  Token: SeCreatePagefilePrivilege     5112  chrome.exe
  (the two token entries alternate for all 64 IoCs, every one from pid 5112 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   process
  5112  chrome.exe  (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  5112  chrome.exe  (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                          pid   process     procid_target
  PID 5112 wrote to memory of 3032     5112  chrome.exe  91   (2 entries)
  PID 5112 wrote to memory of 4116     5112  chrome.exe  94   (repeated)
  PID 5112 wrote to memory of 3332     5112  chrome.exe  95   (2 entries)
  PID 5112 wrote to memory of 748      5112  chrome.exe  96   (repeated)
  (64 entries in total; the 4116 and 748 rows account for the remaining 60)
Processes
chrome.exe (PID 5112)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://89.208.106.112
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    chrome.exe (PID 3032), crashpad handler
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa73879758,0x7ffa73879768,0x7ffa73879778
    chrome.exe (PID 4116), GPU process
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1876,i,9119447308711896039,7701562403499648066,131072 /prefetch:2
    chrome.exe (PID 3332), network service utility
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1876,i,9119447308711896039,7701562403499648066,131072 /prefetch:8
    chrome.exe (PID 748), storage service utility
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1876,i,9119447308711896039,7701562403499648066,131072 /prefetch:8
    chrome.exe (PID 1392), renderer
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1876,i,9119447308711896039,7701562403499648066,131072 /prefetch:1
    chrome.exe (PID 1580), renderer
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1876,i,9119447308711896039,7701562403499648066,131072 /prefetch:1
    chrome.exe (PID 2968), ProcessorMetrics utility
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1876,i,9119447308711896039,7701562403499648066,131072 /prefetch:8
    chrome.exe (PID 4164), UtilWin utility
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1876,i,9119447308711896039,7701562403499648066,131072 /prefetch:8
    chrome.exe (PID 5900), GPU process (sandbox disabled)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3952 --field-trial-handle=1876,i,9119447308711896039,7701562403499648066,131072 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

elevation_service.exe (PID 3612)
  Image: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

msedge.exe (PID 5624), asset store service utility
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=752 --field-trial-handle=2260,i,9938964625802268469,1928462186077019554,262144 --variations-seed-version /prefetch:8
Downloads
Filesize: 32KB
  MD5:    e7a2bb050f7ec5ec2ba405400170a27d
  SHA1:   e8885544bc4907c65b2479b8a5db4d3acd0cc6b6
  SHA256: 5c8b3ffa823046dcd23e2336195218e3ddf2823c1fe2252c4e5fa618413f5b84
  SHA512: cdf2ac471b1d660e42510d85f79f3703cd4d979cbe46e880d01abf1584a50dee9183c7c127dfb557217479a4d9c7ba29a8f1ecc9ca15b930c61a78874508fc87
Filesize: 96B
  MD5:    ad3121ae0fad9c88c9720527bfb431e2
  SHA1:   59163123b8470684aa8920dd2810208ca88fd556
  SHA256: e4f5203d2cfedeeba264f0f05d096ef2635440c103836efed6f400302fb2669c
  SHA512: f43212628fb7381891e408768f292873a3e90b9f848c121c59d7b826f135af2b1397fe87115b2d3a2505bd722d43da91a896a8c606faad055c512d163657b146
Filesize: 885B
  MD5:    e52411948cdd51a13489d596ada41f6c
  SHA1:   0e8f6c17411a52fa925813588ad59d773ca46f2e
  SHA256: e41c3d63bf0fe193b423a9ffe0d7fece60b6dc48bbd6952f7fea0da1566be58d
  SHA512: 8dbfa7e11678bfaec9fbe1c7e4692530378e1a6fcf9a774b1dad41cdd6762cb6434bf796daa34efb55ba1e589b6c92cb73f0a25f2d536d0211983c7e62db6907
Filesize: 6KB
  MD5:    fe5c912244502a59ff46514148316946
  SHA1:   7099d20667c7692e2c13319982ef52ae41394385
  SHA256: 738341e2fe94ade8a768b0780fa5ae2287de1c656ceb293e6e9895a7919dc3e5
  SHA512: af3dd1efe8e6604df9bfd77752c473a65af16b72b4e6947a5ed9c01fe5e96652acd6474be38f7c3a8643f5be06bf1a1938afd87bdf5198e71ed875742a20aae7
Filesize: 6KB
  MD5:    3b72ae2c5e2b53b90a21f5de2cffede5
  SHA1:   41b3b31d8daadba8e53da3055a3802db6fecc77c
  SHA256: 1de5fa800a20bd57e25cf7192018168c0b59a08e3518c92340706f7a9ddfeabb
  SHA512: 8390e6ac613074f49071bd54890cff8c1e4bfaf3f0bf2d9761306afa114a5199d42cb38ba211cb5618f18ed6a8ff7c96ca66af6b97a6f18c8e4973bfd8f350ec
Filesize: 253KB
  MD5:    174a900dd51d0cb1241d27fc9cc483d2
  SHA1:   0ea60c589ea1eb7811994d81417c3f4160536131
  SHA256: ab9c0ea59d0b038ca70a59951c91a60c139f14ac15c43ede3246b5377b19167c
  SHA512: 03aff2af585938fdefa1c76cfdcbc79dbfea00e54405af2be60ef26a7d84fff8f62284172061be5a02c26a60076a9c4673ab79763584fe83d69317db5c6151d2
Filesize: 2B
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd