Analysis
  max time kernel:  149s
  max time network: 148s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240412-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        25/04/2024, 03:12
Tasks
  Static task:     static1
  URLScan task:    urlscan1
  Behavioral task: behavioral1
    Sample:   https://www.jordanracing.shop/shop/Hydraulics-Pneumatics-Pumps-Plumbing_80ahojpno.html
    Resource: win10v2004-20240412-en
General
  Target: https://www.jordanracing.shop/shop/Hydraulics-Pneumatics-Pumps-Plumbing_80ahojpno.html
Malware Config
  (no entries)
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Note: these BIOS values are read by sandbox-aware malware to fingerprint the machine, but also by ordinary crash and metrics reporting. Here the reader is the browser process itself, so this hit is context, not evidence on its own.

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                                process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                               chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584883859439165"         chrome.exe
  Note: S-1-5-19 is the well-known SID of LOCAL SERVICE. The value is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC); it decodes to 2024-04-25 03:13:05 UTC, i.e. it was written during this run, about a minute after submission.

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 3384 chrome.exe (x2)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid 3384 chrome.exe (x2)
  Note: BlockNonMicrosoftBinary is the Windows process-creation mitigation that refuses to load binaries not signed by Microsoft into the new process. Chrome applies it to the sandboxed child processes it spawns, so seeing it on the browser process is expected.

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token: SeShutdownPrivilege and SeCreatePagefilePrivilege, alternating, pid 3384 chrome.exe (32 entries each)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid 3384 chrome.exe (x26)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid 3384 chrome.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   process     procid_target
  PID 3384 wrote to memory of 3392   3384  chrome.exe  85  (x2)
  PID 3384 wrote to memory of 5012   3384  chrome.exe  86  (repeated)
  PID 3384 wrote to memory of 4840   3384  chrome.exe  87  (x2)
  PID 3384 wrote to memory of 3828   3384  chrome.exe  88  (repeated; the 5012 and 3828 rows make up the remaining 60 entries)
  Note: all four targets are child chrome.exe processes of 3384 that appear in the process tree (crashpad handler, GPU process, network service, storage service). A parent writing into a child it has just created is part of process launch; the signature would matter if the target were a process outside the browser's own tree.
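To turn the two registry signatures above into something checkable rather than a list of paths, the following script parses the IoC rows, maps the kernel object paths to Regedit-style hive names (labelling the well-known SID), flags the BIOS values that VM-detection code typically reads, and decodes the TraceTimeLast FILETIME so it can be compared with the submission time. This is an added example, not tria.ge code: the IoC rows are transcribed from this report, and the watch-list of fingerprint values is my own assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# Registry IoC rows transcribed from the report's "Enumerates system info in
# registry" and "Modifies data under HKEY_USERS" signatures, one per line.
REGISTRY_IOCS = r"""
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584883859439165" chrome.exe
"""

# Row layout as the report flattens it: <operation> <path> [= "<value>"] <process>
IOC_RE = re.compile(
    r'^(?P<op>Key opened|Key value queried|Key created|Set value \(\w+\))\s+'
    r'(?P<path>\\REGISTRY\\\S+)'
    r'(?: = "(?P<value>[^"]*)")?\s+'
    r'(?P<proc>\S+)$'
)

WELL_KNOWN_SIDS = {"S-1-5-18": "SYSTEM", "S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}

# Assumption: my own watch-list of HKLM values read by VM/sandbox checks. The
# same values are read by legitimate crash reporters, so a hit is a prompt to
# look at the reading process, not a verdict.
FINGERPRINT_VALUES = {
    r"HARDWARE\DESCRIPTION\System\BIOS\SystemProductName",
    r"HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
}
FINGERPRINT_UPPER = {v.upper() for v in FINGERPRINT_VALUES}


def normalise(path):
    """Map a kernel registry object path to the hive name Regedit shows."""
    if path.upper().startswith("\\REGISTRY\\MACHINE\\"):
        return "HKLM\\" + path[len("\\REGISTRY\\MACHINE\\"):]
    m = re.match(r"\\REGISTRY\\USER\\(S-1-5-\d+(?:-\d+)*)\\(.*)$", path, re.IGNORECASE)
    if m:
        sid, rest = m.groups()
        return f"HKU\\{sid} ({WELL_KNOWN_SIDS.get(sid, 'per-user SID')})\\{rest}"
    return path


def filetime_to_utc(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=int(ft) // 10)


def parse_iocs(text):
    """Parse the flattened rows; annotate hive path, fingerprint flag, decoded time."""
    rows = []
    for line in text.strip().splitlines():
        m = IOC_RE.match(line)
        if not m:
            raise ValueError(f"unparsed IoC row: {line!r}")
        row = m.groupdict()
        row["hive_path"] = normalise(row["path"])
        tail = row["hive_path"][len("HKLM\\"):].upper() if row["hive_path"].startswith("HKLM\\") else ""
        row["fingerprint"] = tail in FINGERPRINT_UPPER
        # Heuristic (assumption): an integer written to a value whose name
        # contains "Time" is tried as a FILETIME; a result near the submission
        # time confirms the interpretation.
        row["decoded_time"] = None
        value_name = row["path"].rsplit("\\", 1)[-1]
        if row["value"] and row["value"].isdigit() and "TIME" in value_name.upper():
            row["decoded_time"] = filetime_to_utc(row["value"]).strftime("%Y-%m-%d %H:%M:%S UTC")
        rows.append(row)
    return rows


if __name__ == "__main__":
    for r in parse_iocs(REGISTRY_IOCS):
        flag = " [fingerprint value]" if r["fingerprint"] else ""
        when = f"  -> {r['decoded_time']}" if r["decoded_time"] else ""
        print(f"{r['op']:<18} {r['proc']:<11} {r['hive_path']}{flag}{when}")
```

The decoded time lands about a minute after the 03:12 submission, which is the check worth having: a TPM telemetry timestamp written during the run is the OS's own housekeeping, not a persistence artefact.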
Processes

chrome.exe (PID 3384) browser process
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.jordanracing.shop/shop/Hydraulics-Pneumatics-Pumps-Plumbing_80ahojpno.html
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  └─ chrome.exe (PID 3392) crashpad-handler
       "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3192ab58,0x7ffe3192ab68,0x7ffe3192ab78

  └─ chrome.exe (PID 5012) gpu-process
       "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1884,i,15261730618586024064,6321769437766244779,131072 /prefetch:2

  └─ chrome.exe (PID 4840) utility: network.mojom.NetworkService (--service-sandbox-type=none)
       "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1884,i,15261730618586024064,6321769437766244779,131072 /prefetch:8

  └─ chrome.exe (PID 3828) utility: storage.mojom.StorageService (--service-sandbox-type=service)
       "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1884,i,15261730618586024064,6321769437766244779,131072 /prefetch:8

  └─ chrome.exe (PID 3772) renderer (first renderer process, client id 6)
       "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1884,i,15261730618586024064,6321769437766244779,131072 /prefetch:1

  └─ chrome.exe (PID 5016) renderer (client id 5)
       "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1884,i,15261730618586024064,6321769437766244779,131072 /prefetch:1

  └─ chrome.exe (PID 824) utility: chrome.mojom.ProcessorMetrics (--service-sandbox-type=none)
       "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1884,i,15261730618586024064,6321769437766244779,131072 /prefetch:8

  └─ chrome.exe (PID 620) utility: chrome.mojom.UtilWin (--service-sandbox-type=none)
       "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1884,i,15261730618586024064,6321769437766244779,131072 /prefetch:8

  └─ chrome.exe (PID 1396) gpu-process, relaunched without the GPU sandbox (--disable-gpu-sandbox --use-gl=disabled)
       "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=984 --field-trial-handle=1884,i,15261730618586024064,6321769437766244779,131072 /prefetch:2

elevation_service.exe (PID 5092) separate root, Chrome's per-machine elevation service
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

Note: the crashpad annotation (--annotation=ver=110.0.5481.104) and the elevation_service.exe path show the image ships Chrome 110.0.5481.104, a February 2023 build, while the submission is from April 2024. Behaviour observed here reflects that build, not a current browser. All child PIDs above are the targets of the WriteProcessMemory signature, and every process in the tree is a Chrome binary; nothing outside the browser's own process model was launched.
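The process tree and the WriteProcessMemory rows above describe the same thing from two sides: every write target is a child the browser process launched. The script below, an added example rather than tria.ge code, reconstructs that relationship from the report's rows so the check is mechanical: it assigns each PID a role from its command line (--type, --utility-sub-type), lists the flags that weaken a child's sandbox, collapses the repeated IoC rows into counts, and marks any write whose source is not the browser process or whose target is not in the tree. The process list and IoC rows are transcribed from this report (command lines trimmed to the flags inspected); the final IoC row, PID 3772 writing into PID 1234, is constructed to show what a non-matching write looks like; the list of sandbox-weakening flags is my own assumption.

```python
import re
from collections import Counter

# (pid, command line) transcribed from the report's Processes section; long
# command lines trimmed to the flags the checks below look at.
PROCESSES = [
    (3384, '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --disable-background-networking --disable-component-update --single-argument https://www.jordanracing.shop/shop/Hydraulics-Pneumatics-Pumps-Plumbing_80ahojpno.html'),
    (3392, '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=crashpad-handler --url=https://clients2.google.com/cr/report --annotation=ver=110.0.5481.104'),
    (5012, '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=gpu-process --mojo-platform-channel-handle=1608'),
    (4840, '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none'),
    (3828, '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service'),
    (3772, '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=renderer --first-renderer-process --renderer-client-id=6'),
    (1396, '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled'),
    (5092, '"C:\\Program Files\\Google\\Chrome\\Application\\110.0.5481.104\\elevation_service.exe"'),
]

# WriteProcessMemory IoC rows as the report flattens them. The first seven are
# transcribed from the report (with repeats kept to show the collapsing); the
# last row is CONSTRUCTED: a renderer writing into a PID that is not in the tree.
WPM_LOG = """
PID 3384 wrote to memory of 3392 3384 chrome.exe 85
PID 3384 wrote to memory of 3392 3384 chrome.exe 85
PID 3384 wrote to memory of 5012 3384 chrome.exe 86
PID 3384 wrote to memory of 5012 3384 chrome.exe 86
PID 3384 wrote to memory of 5012 3384 chrome.exe 86
PID 3384 wrote to memory of 4840 3384 chrome.exe 87
PID 3384 wrote to memory of 3828 3384 chrome.exe 88
PID 3772 wrote to memory of 1234 3772 chrome.exe 99
"""

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")

# Assumption: my own list of flags that remove or weaken a child's sandbox.
UNSANDBOXED_FLAGS = ("--no-sandbox", "--disable-gpu-sandbox", "--service-sandbox-type=none")


def chrome_role(cmdline):
    """Role of a process from its command line: image name, or Chrome --type."""
    image = re.match(r'"([^"]+)"', cmdline).group(1).rsplit("\\", 1)[-1].lower()
    if image != "chrome.exe":
        return image
    m = re.search(r"--type=(\S+)", cmdline)
    if not m:
        return "browser"  # the main browser process carries no --type
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return f"{m.group(1)}:{sub.group(1)}" if sub else m.group(1)


def unsandboxed_flags(cmdline):
    """Exact-token match, so --service-sandbox-type=service is not flagged."""
    tokens = set(cmdline.split())
    return [f for f in UNSANDBOXED_FLAGS if f in tokens]


def summarise(processes):
    return [(pid, chrome_role(cl), unsandboxed_flags(cl)) for pid, cl in processes]


def write_counts(text):
    """Collapse repeated IoC rows into (source pid, target pid) -> row count."""
    counts = Counter()
    for line in text.strip().splitlines():
        m = WPM_RE.match(line)
        if not m:
            raise ValueError(f"unparsed IoC row: {line!r}")
        counts[(int(m.group(1)), int(m.group(2)))] += 1
    return counts


def classify_writes(processes, wpm_text):
    """Expected: browser process writing into a child in the tree. Else: review."""
    roles = {pid: chrome_role(cl) for pid, cl in processes}
    verdicts = {}
    for (src, dst), n in write_counts(wpm_text).items():
        src_role = roles.get(src, "unknown")
        if src_role == "browser" and dst in roles:
            verdicts[(src, dst)] = f"expected: browser launched {roles[dst]} ({n} rows)"
        elif dst in roles:
            verdicts[(src, dst)] = f"review: {src_role} {src} wrote into {roles[dst]} {dst}"
        else:
            verdicts[(src, dst)] = f"review: target {dst} is not in the process tree"
    return verdicts


if __name__ == "__main__":
    for pid, role, flags in summarise(PROCESSES):
        print(f"{pid:>5}  {role:<40} {' '.join(flags)}")
    for pair, verdict in sorted(classify_writes(PROCESSES, WPM_LOG).items()):
        print(f"{pair[0]} -> {pair[1]}: {verdict}")
```

Two of the flagged processes in this report run with --service-sandbox-type=none and one GPU process was relaunched with --disable-gpu-sandbox; those are the children to look at first if a report like this ever does show a write into a process outside the tree.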
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize 1KB
  MD5     72b559d7be448c7fb44d6cc639972736
  SHA1    6ba4c32dffafd08a915a7b42e4ceb40905abf9e2
  SHA256  fbc9c4b30580a4e49fff5c242c914568361759a041e9324be4068698641312a7
  SHA512  b09125f7edafeeb4d393287d7c1618a62e4bff0ed2e83d73593a63233d25f822c3aca60c515a621bde1aa550cfec702bafe50412915caf07af69af21920fbd9b

- Filesize 1KB
  MD5     f236090cfb7dc413927398f7953069a7
  SHA1    0bf69c3d72ddb3f4173d5b248d744fe4fb080ec0
  SHA256  7185412a01ed594d88239a811122042acf7822d406b0e14e711d9976722ec570
  SHA512  3914e7dc7e2e4fe27c9df51f4d02382cbd70cf6d11c550bb86c7d95752d73dcb49d5b0efb478e5f1b6da049939661d5bc09b3c5e06e9f5057e7925ff75a430b9

- Filesize 2KB
  MD5     98e0613512cceca1fcdade051a15cbcf
  SHA1    65b398ae47fc8e4fd70bca0ac787e480e282a5e9
  SHA256  ca2d230279166c9b250c82afa005a2b0e6158e47c56e040c9be449459c1fedc3
  SHA512  82144d9edd8c7bfd39b362a9b7746fd408e4fbb614801eae82a4d01d4b02c4c4e4d100deb7fdb8e415d03ab90b45f3b45ee8c6ae57ff50541c5cb94db5a2a3b3

- Filesize 2B
  MD5     d751713988987e9331980363e24189ce
  SHA1    97d170e1550eee4afc0af065b78cda302a97674c
  SHA256  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
  Note: these are the well-known hashes of the two-byte string "[]", an empty JSON array; a file like this in a browser profile carries no payload.

- Filesize 859B
  MD5     61fe17ca1aca56730c2e996a47dd9851
  SHA1    5a1ecfdaa928adfb0188b6fcf168bcd2d6b70b33
  SHA256  becaa60c9f454a7b1f911ad5a65d63dcba37a059c312f96fb659658fc053b751
  SHA512  0c0df15898d3e9b2038404040e88daf58992c9d66b2e8a40dadf3321cba06de3f4439fd46cb9084a2f8a765f3d77cdc777fdf0b0d6e0c159687ac6fe934530bb

- Filesize 7KB
  MD5     cd96a36e6e39b3ad2ba27d6bc8c88d63
  SHA1    6790c5b7b5f0f5df4583624c532950ab4e321433
  SHA256  0a681b421de9561cf913d80b6da4542a6fda8b6df868fff011798e4954d2f1dd
  SHA512  ebc814020c04e9e70ccf2c47c3527ccddb91409bae742dbd995be8de28eb88f5863cf0f5298f78cc81e092a9f330663bccdbbb0591b9080dbbfb3e5c34c14597

- Filesize 7KB
  MD5     3aa659c0e46f5bc0f1204c2ebb08ae1c
  SHA1    8e33fdc96caa8112c02cbaf1664ace66c40bfcde
  SHA256  83a03a2befb4c8ced9b5a4e6ea32c62ab46bb4b15086cdc0ccb2c31092f01474
  SHA512  89772f3b0d951cf47c64d0d049b8ee69606c587a901484d433bfa79dd72fba655b9018b83a78986bb14aed7c0fe419d9670cd4fb4c1f36db18ecdde1fb302637

- Filesize 250KB
  MD5     950c35f7bb7c0abecdde37090fdc0435
  SHA1    bb2e0bff77993bfd5adbba525668517388e7c5bb
  SHA256  c7193fa90b6efef2b83c43de38d0d12e99a26ed7a55f45ec213eaacd04f939b9
  SHA512  74724167e3c660d9d3ff9db17a8c57492e58cc24797d3bfe07c9fe4450c2117dfe87de98c13fc2d58cb7da4055309e9c00a90874939984be178b10143e08ed8b