Analysis
max time kernel: 300s
max time network: 274s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/04/2024, 23:27
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://go.microsoft.com/fwlink/?LinkId=521839
Resource: win10v2004-20240412-en
General
Target: https://go.microsoft.com/fwlink/?LinkId=521839
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133582156668769191" | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
3716 | chrome.exe
3716 | chrome.exe
3460 | chrome.exe
3460 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
3716 | chrome.exe
3716 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs; identical entries collapsed, count in last column)
description | pid | Process | entries
Token: SeShutdownPrivilege | 3716 | chrome.exe | 32
Token: SeCreatePagefilePrivilege | 3716 | chrome.exe | 32

Suspicious use of FindShellTrayWindow (26 IoCs; identical entries collapsed)
pid | Process | entries
3716 | chrome.exe | 26

Suspicious use of SendNotifyMessage (24 IoCs; identical entries collapsed)
pid | Process | entries
3716 | chrome.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs; identical entries collapsed, count in last column)
description | pid | Process | procid_target | entries
PID 3716 wrote to memory of 5004 | 3716 | chrome.exe | 85 | 2
PID 3716 wrote to memory of 4936 | 3716 | chrome.exe | 86 | 31
PID 3716 wrote to memory of 1764 | 3716 | chrome.exe | 87 | 2
PID 3716 wrote to memory of 4216 | 3716 | chrome.exe | 88 | 29
Processes (process tree; child processes are indented under their parent)

C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 3716)
  command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://go.microsoft.com/fwlink/?LinkId=521839
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 5004)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91425ab58,0x7ff91425ab68,0x7ff91425ab78

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 4936)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1676,i,16963048233516457535,15453059581197473360,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 1764)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1676,i,16963048233516457535,15453059581197473360,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 4216)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1676,i,16963048233516457535,15453059581197473360,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 4648)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1676,i,16963048233516457535,15453059581197473360,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2604)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1676,i,16963048233516457535,15453059581197473360,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 4628)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 --field-trial-handle=1676,i,16963048233516457535,15453059581197473360,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 644)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=1676,i,16963048233516457535,15453059581197473360,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 3460)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1676,i,16963048233516457535,15453059581197473360,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID: 444)
  command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 144B
MD5: 0e108fdfc44a8eee08d74edc5a98178d
SHA1: c796a25e4e5828b4adaaf8a40fe2c9d82a2fa2ff
SHA256: 113600da68c8a351e0928f7e992a41cb929ca2ed27ceb871aa41bcd13436d736
SHA512: ea550eb975653860fd00e75064497e052be10b407ef6e950808230c43c67f0ed52a3985ca0cf44672a7abdb2080dc1947345821f529776220b358eece146441b

Filesize: 2KB
MD5: f8f1b49bce6cda8fbe21a50bf05cad77
SHA1: 04340cbf3aef9fbfc59677fb988e92a1900dc2a2
SHA256: fdb8d104ebc6132b6e8c441771ba64b4c0107560773003c388fb7a58459e31b9
SHA512: ac08fbe081c52702784dff90e7dcb48658333b574fd07d9921b5e546257faf16ef5d20cb3c575c5b3e05d121c95fbfbe84c6ad7e1a1e6fdebac9a9888a9381b9

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 859B
MD5: ffe3a220e30e14336a71d6e4d7129f22
SHA1: 5554b80e8e2b1a5b415800da5aab55a8b7693df2
SHA256: aca5f1c713f2dfdcdc021c8d79f51833f3447e121b339160cedd243a50c0e243
SHA512: 625fb2faf08a2eaf93aef604d6ab77e315194770645736f8372f5cf673e1a1fcbe1c1f956f618396e0f3adc8b89f5b93048c8db1f4ba0e100702b6238a5aaa2c

Filesize: 7KB
MD5: 166d80a6e592065ad88fb0a96c31c1b1
SHA1: c54c0e4f63447addeb0bf4df96ec19b54185d9ee
SHA256: 7e4f4e1302caf4f113e4ef79bc911e08c95208b1de24c4f847b7c0144f6c40f5
SHA512: 007b20527cd899d6cf9290fea260ac880d826e31034bb62705515f1613db38b43f48bfd6a2e852f8785aa1da8bd88f600fd1576b9aa8ce75a87970c05a86ff87

Filesize: 127KB
MD5: ddcf54af9b34a5976fbf1cc2b018dcac
SHA1: abb33dcb21331fe5ac33317a1fe09b881f874144
SHA256: 9458b47a9705a70dc266a4bc9cb0f0e59270c93359e9c9e432705d1c7ca0b171
SHA512: 47be265a04f97fab7962e2e8845049128d5fe1721b222df74d443d301fa9956dd7632a658cf7db3c14d11d92742c3b2bd1cef7d0cfbb68103908213f51e77827