Analysis
max time kernel: 59s
max time network: 59s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 22/04/2024, 15:36
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://click.pstmrk.it/3s/heartandstrokerideforheart.crowdchange.ca%2Fauth%2Freset%2F29693b09a7e56c1d43593e79779e07d3bfd8897a8b9a4fb90e1055de7f16ae53%257CParesh_Mistry%2540manulife.com/z9pU/LMK1AQ/AQ/ddd32eee-9d07-4c82-af81-d8bc50ea6140/1/YYY-cqlOQD
Resource
win10-20240404-en
General
Target
https://click.pstmrk.it/3s/heartandstrokerideforheart.crowdchange.ca%2Fauth%2Freset%2F29693b09a7e56c1d43593e79779e07d3bfd8897a8b9a4fb90e1055de7f16ae53%257CParesh_Mistry%2540manulife.com/z9pU/LMK1AQ/AQ/ddd32eee-9d07-4c82-af81-d8bc50ea6140/1/YYY-cqlOQD
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133582738316475803" | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | process
3580 | chrome.exe (2 rows, identical)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | process
3580 | chrome.exe (6 rows, identical)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | process
Token: SeShutdownPrivilege | 3580 | chrome.exe
Token: SeCreatePagefilePrivilege | 3580 | chrome.exe
(the two rows above alternate for all 64 entries, all from pid 3580 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | process
3580 | chrome.exe (26 rows, identical)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | process
3580 | chrome.exe (24 rows, identical)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | process | procid_target
PID 3580 wrote to memory of 1004 | 3580 | chrome.exe | 74
PID 3580 wrote to memory of 3140 | 3580 | chrome.exe | 76
PID 3580 wrote to memory of 4584 | 3580 | chrome.exe | 77
PID 3580 wrote to memory of 1932 | 3580 | chrome.exe | 78
(64 rows in total; each of the four distinct rows above is repeated, all writes originate from pid 3580 chrome.exe)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://click.pstmrk.it/3s/heartandstrokerideforheart.crowdchange.ca%2Fauth%2Freset%2F29693b09a7e56c1d43593e79779e07d3bfd8897a8b9a4fb90e1055de7f16ae53%257CParesh_Mistry%2540manulife.com/z9pU/LMK1AQ/AQ/ddd32eee-9d07-4c82-af81-d8bc50ea6140/1/YYY-cqlOQD
  PID: 3580
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8964d9758,0x7ff8964d9768,0x7ff8964d9778
      PID: 1004

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1844,i,13355804261883976768,16945652151138197957,131072 /prefetch:2
      PID: 3140

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1844,i,13355804261883976768,16945652151138197957,131072 /prefetch:8
      PID: 4584

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1844,i,13355804261883976768,16945652151138197957,131072 /prefetch:8
      PID: 1932

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1844,i,13355804261883976768,16945652151138197957,131072 /prefetch:1
      PID: 4680

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1844,i,13355804261883976768,16945652151138197957,131072 /prefetch:1
      PID: 1656

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4732 --field-trial-handle=1844,i,13355804261883976768,16945652151138197957,131072 /prefetch:1
      PID: 4772

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3640 --field-trial-handle=1844,i,13355804261883976768,16945652151138197957,131072 /prefetch:1
      PID: 3704

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5056 --field-trial-handle=1844,i,13355804261883976768,16945652151138197957,131072 /prefetch:1
      PID: 4116

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5112 --field-trial-handle=1844,i,13355804261883976768,16945652151138197957,131072 /prefetch:1
      PID: 4352

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1844,i,13355804261883976768,16945652151138197957,131072 /prefetch:8
      PID: 792

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1844,i,13355804261883976768,16945652151138197957,131072 /prefetch:8
      PID: 2132

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 4360
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 576B
MD5: 5ccba4a1f714e9ba8ab562aeebd81613
SHA1: d5b0f0305b7b9b7acf7abe4ebb6066809738e25d
SHA256: e74c80b26ceec70ba8c7b21e7bcc7c5a7993baa0b8a1c55846fba33d9299d636
SHA512: f88050d8228416762374d8763cce05659f2fbb1da2575a9087aa2407a7673d6b0e77c1f06a9ef8ff0b16d403f84037549108fcdcd42217d28c16b4f0954e5147

Filesize: 1KB
MD5: 359bd65a1f8c7c5486f7230e6115f011
SHA1: 2b41253c2f4e5b5f24e4274ea67a7c0ff33daa65
SHA256: 3f8998ae0dfc253ae85d98202e2bfa69a17f4aa7d6a54654ca5a8d7655aa73f2
SHA512: c224d178b4dd84d7a9d065abea97888e55c04e5cc5bed10fe32b03356b1ee3f7549d76fe2abc9b481a7e303a31ea603dae95a2c78db5c2fcca54716b8770067f

Filesize: 1KB
MD5: efce330c19ca1ebfe8dda181ec429235
SHA1: b3b700644178e8d59afca3d4c1f60b3cb543b0f1
SHA256: 287a2c588c02854c8e1c0a8934012538184ceb90e0a2049f296478331969e709
SHA512: 0753fcd72e722e13681fb2da6a7c8f18e0a075474451ceb72434befc6e186c7dae9cc5e6d937f6cc6cb34bf15d08c9342e19151e2b6e772d816d888151ca2ac3

Filesize: 5KB
MD5: 70fede9efc591a00d0224e4e7dbe6f07
SHA1: 3208f701632c8e400cbdf12b9e3985c8d2d724fe
SHA256: eb4191369d8d63b293a126b67a96a41faaf36c554853e430481fe2fd5a92b6f6
SHA512: a54a3bfb57c954ddfa662b33d7ee29345a8a60306445141f38e781069eb011051f849ea59490280c60fad24fb48058f504ecfe6881d4754b448b31360aeb2f35

Filesize: 5KB
MD5: 0a113afdb2d6f66471d6efc59a76d4cd
SHA1: 442534400ee028e2958150b7b3cb8cf6233dcd1c
SHA256: ea6053e8869c11c7df1a6d9701c09810e109b79d878303bd9a7f2ad259cc9e0f
SHA512: 9ec4b2eaf28bbcbacf517198d1d334f9c5b4e30e874eb464f0ca7ea99793adad61a8ce72c27639b2feb666c4011f83d5136a29f3a0beea3ee00ec516bd087709

Filesize: 136KB
MD5: d96b812a005b0526a80db8eae27d47b6
SHA1: 13a2e1fcabdf80aa8f54fd64578a2ad2d258d147
SHA256: b135127e195b111ba10bc5b34fe9013cf15087020ba68a25e5c4f901eee216dd
SHA512: dfc7e1ecf5589711c38e7e652f477db01f35964af3c0ca6b84040304ac94cfdee78a6f2311dfd9711d1adf8607e24e537f92579d344d7e732d9340ecc148da6c

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd