Analysis
max time kernel: 91s
max time network: 93s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/04/2024, 17:40
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://103.163.214.97
Resource: win10v2004-20240412-en
General
Target: http://103.163.214.97
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133576764622925992" | chrome.exe

Modifies registry class (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings | chrome.exe
Key created | \REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings | OpenWith.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
2000 | chrome.exe (2 events)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid | Process
2012 | OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
2000 | chrome.exe (2 events)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 2000 | chrome.exe
Token: SeCreatePagefilePrivilege | 2000 | chrome.exe
(the two rows above alternate for all 64 events)

Suspicious use of FindShellTrayWindow (34 IoCs)
pid | Process
2000 | chrome.exe (34 events)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
2000 | chrome.exe (24 events)

Suspicious use of SetWindowsHookEx (19 IoCs)
pid | Process
2012 | OpenWith.exe (19 events)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2000 wrote to memory of 2476 | 2000 | chrome.exe | 85
PID 2000 wrote to memory of 3632 | 2000 | chrome.exe | 86
PID 2000 wrote to memory of 1584 | 2000 | chrome.exe | 87
PID 2000 wrote to memory of 4768 | 2000 | chrome.exe | 88
(each row above is repeated; 64 events in total, most of them against PIDs 3632 and 4768)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2000)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://103.163.214.97
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2476)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffb836aab58,0x7ffb836aab68,0x7ffb836aab78
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3632)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1928,i,15266905617404437143,11645427905744602086,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1584)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1928,i,15266905617404437143,11645427905744602086,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4768)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1928,i,15266905617404437143,11645427905744602086,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2280)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1928,i,15266905617404437143,11645427905744602086,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4696)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1928,i,15266905617404437143,11645427905744602086,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5020)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4364 --field-trial-handle=1928,i,15266905617404437143,11645427905744602086,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1064)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1928,i,15266905617404437143,11645427905744602086,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4632)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=1928,i,15266905617404437143,11645427905744602086,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2208)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1928,i,15266905617404437143,11645427905744602086,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 2852)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
- C:\Windows\System32\rundll32.exe (PID 1612)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- C:\Windows\system32\OpenWith.exe (PID 2012)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures:
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  Child processes:
  - C:\Windows\system32\NOTEPAD.EXE (PID 4964)
    Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\mips
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
  MD5: bca13f4dff1e6d3bf3735a0976b9890c
  SHA1: 59e6d5ae4c7a93233a8370383bfc892fab68d92f
  SHA256: 3030a6b9961b823a0328e645dc6c4198fce237599fb70b57e88bbdc2ff4ccb8a
  SHA512: 5a934d651c1f5e96cb96f40024371011f7d5756c33561bf01d6eb0d5d3a4dbf846ad2e8a9fcf82c270f158bc8ff8f2e6642327e96ebdb1c030f0374048374655
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 7KB
  MD5: 69a83612342f268cc0bb7b2778021517
  SHA1: 50ff8c1cd7045ac56e3c7cc28d3c9a0ee43528c8
  SHA256: bcf7310db909da25a05f9e9826fe3d2ce6cb0905c0317e6df572ea7be30ae56d
  SHA512: f1ec7f20fd5ef7b62c05e17bf7bf3cb6979c75b285db7f0aafa2214d517c1c8a670273b3991c2b1818e823b451130dcba2cc1006ab16ff006dc7305f4d43e3be
- Filesize: 7KB
  MD5: 8e0f6b99b1b33a37519223b757cc727e
  SHA1: eda7d8c31f6b80fc9fa989af9bb9718328c56f38
  SHA256: d7bf5d3eb968405850ea350c79a0b2ea97ffcb41c306359bb52d3826764a0aa3
  SHA512: 26a12d9ca50da37b9cb1378101647bf3573945a890896c519ac3c4433bf01077d60b1fe7185da783b4d56ec476fa9307c2fc343d267732856b32a328483d81d1
- Filesize: 250KB
  MD5: c5f199e5590e3d8ea49d8ed45cbbfb65
  SHA1: 54299cd4d7e0d75302609d869c16c8984de2885f
  SHA256: c8ee2452d47e432ad629aeec5409c36f046eb874c32ebd29740800de1803fca8
  SHA512: fb069fb4f092a73ac6da189a4ac2f36d7c23d23beed481996dc510aa3e696ce4b3ee17695b9fdb03f99d2655bab593f1e77baf4a2ea3bece865da2d8d36ca25b
- Filesize: 98KB
  MD5: fdead2d24985aad454fb64a7be83c34b
  SHA1: 0a75fda89553e2f6fdc1bb8619ad3fb3b42c99f7
  SHA256: a0ddd26dd6a13d19115df1416a46dcfa5e3af93b79a577db563889b1b76c32e3
  SHA512: 22dedbe60b835612caae4b89bd773c75d75735eba432019fa2206b26dbc2ba961863d04eb7b72508f95c289a8a797c0c3e94aaff58ab43248fc07390bde797a2
- Filesize: 88KB
  MD5: 9953ca56c798c15f990501914d10aa91
  SHA1: 452523375da1230268ef966d31ba0346a5ccf9b5
  SHA256: 5bf43cfd369462ec2d638ae8ee073cd06120dd4eb5761c13f6de0c09ba169cfe
  SHA512: 2715b3f297cc0d158259b38f2c8c89ea53d7c6c471f1729147c11d5aa455a616e53659d871a06f5c28dbcf7d9398142dd3fab26fa2889b28b2210ecf50c7f085
- Filesize: 117KB
  MD5: 37a31c08c07fad8e9f442247308b5a90
  SHA1: 907866f550beb7f0689757bebeccb78305fc8aec
  SHA256: bb435975889d13990fd1e242c6c6bbae058cb793b56fe491239db0a3ed929067
  SHA512: ef44a6019a9dc919a794aca942f4b9082056c7300f472824b3055570d2ca83d7f49fc3944d1d9c4b8b21f13fd34709d2bbcf86969fd8ac97a37f6c71a70acb25