Analysis
- max time kernel: 149s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/04/2024, 01:35
Tasks
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
Sample: https://propiolanguageservices.tellwise.com/rest/v1/open/lvREoRK8BAA
Resource: win10v2004-20240412-en
General
- Target: https://propiolanguageservices.tellwise.com/rest/v1/open/lvREoRK8BAA
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583961690057169" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 3172 chrome.exe
- PID 3172 chrome.exe
- PID 512 chrome.exe
- PID 512 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- PID 3172 chrome.exe
- PID 3172 chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Token: SeShutdownPrivilege, PID 3172 chrome.exe
- Token: SeCreatePagefilePrivilege, PID 3172 chrome.exe
The two rows above alternate across all 64 entries; every entry comes from PID 3172 (chrome.exe).
Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 3172 chrome.exe (all 26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
- PID 3172 chrome.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
- PID 3172 (chrome.exe) wrote to memory of PID 932, procid_target 85
- PID 3172 (chrome.exe) wrote to memory of PID 3008, procid_target 86
- PID 3172 (chrome.exe) wrote to memory of PID 4788, procid_target 87
- PID 3172 (chrome.exe) wrote to memory of PID 4404, procid_target 88
Each row is repeated across the 64 entries; all writes originate from PID 3172 and target its own child processes.
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3172)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://propiolanguageservices.tellwise.com/rest/v1/open/lvREoRK8BAA
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 932)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91c66ab58,0x7ff91c66ab68,0x7ff91c66ab78
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3008)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1900,i,14042411247320815524,13821552641505613300,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4788)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1900,i,14042411247320815524,13821552641505613300,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4404)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1900,i,14042411247320815524,13821552641505613300,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1824)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1900,i,14042411247320815524,13821552641505613300,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4148)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1900,i,14042411247320815524,13821552641505613300,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4456)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1900,i,14042411247320815524,13821552641505613300,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4692)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 --field-trial-handle=1900,i,14042411247320815524,13821552641505613300,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 512)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 --field-trial-handle=1900,i,14042411247320815524,13821552641505613300,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 4008)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads