Analysis
  max time kernel: 300s
  max time network: 276s
  platform: windows10-2004_x64
  resource: win10v2004-20240412-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 19/04/2024, 02:47
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://velvet-mag.lat
  Resource: win10v2004-20240412-en
General
  Target: http://velvet-mag.lat
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                          Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579684953302351"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  1796  chrome.exe
  1796  chrome.exe
  1176  chrome.exe
  1176  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid   Process
  1796  chrome.exe
  1796  chrome.exe
  1796  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1796)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://velvet-mag.lat
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3880)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0139ab58,0x7ffc0139ab68,0x7ffc0139ab78
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4912)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1868,i,16523034593209458468,17782767635787363796,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1080)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1868,i,16523034593209458468,17782767635787363796,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1956)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1868,i,16523034593209458468,17782767635787363796,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4012)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1868,i,16523034593209458468,17782767635787363796,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2976)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1868,i,16523034593209458468,17782767635787363796,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2612)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4284 --field-trial-handle=1868,i,16523034593209458468,17782767635787363796,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3760)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1576 --field-trial-handle=1868,i,16523034593209458468,17782767635787363796,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3448)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3936 --field-trial-handle=1868,i,16523034593209458468,17782767635787363796,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1176)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1868,i,16523034593209458468,17782767635787363796,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 4456)
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads