Analysis
max time kernel: 57s
max time network: 55s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/04/2024, 19:25
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://INSIGHTS.RESONATE.COM/EMAIL-PREFERENCE-CENTER?EHASH=481E9BDAF605430B9447C33EDE1C094021072DFF2F716C92DE770619716E665E&EMAIL_ID=1691041622&EPC_HASH=5MJUVDRJLFSMCGSMMD17L9MJTZJSDV-ZOX_E293J8EC
Resource: win10v2004-20240419-en
General
Target: https://INSIGHTS.RESONATE.COM/EMAIL-PREFERENCE-CENTER?EHASH=481E9BDAF605430B9447C33EDE1C094021072DFF2F716C92DE770619716E665E&EMAIL_ID=1691041622&EPC_HASH=5MJUVDRJLFSMCGSMMD17L9MJTZJSDV-ZOX_E293J8EC
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description       ioc                                                                                                           process
  Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                         chrome.exe
  Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588923487962479"   chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid    process
  2864   chrome.exe   (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid    process
  2864   chrome.exe   (5 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                        pid    process
  Token: SeShutdownPrivilege         2864   chrome.exe   (32 entries)
  Token: SeCreatePagefilePrivilege   2864   chrome.exe   (32 entries, alternating with the row above)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid    process
  2864   chrome.exe   (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    process
  2864   chrome.exe   (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid    process      procid_target
  PID 2864 wrote to memory of 2644   2864   chrome.exe   83   (2 entries)
  PID 2864 wrote to memory of 2456   2864   chrome.exe   84   (30 entries)
  PID 2864 wrote to memory of 3848   2864   chrome.exe   85   (2 entries)
  PID 2864 wrote to memory of 1808   2864   chrome.exe   86   (30 entries)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe   PID:2864
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://INSIGHTS.RESONATE.COM/EMAIL-PREFERENCE-CENTER?EHASH=481E9BDAF605430B9447C33EDE1C094021072DFF2F716C92DE770619716E665E&EMAIL_ID=1691041622&EPC_HASH=5MJUVDRJLFSMCGSMMD17L9MJTZJSDV-ZOX_E293J8EC
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe   PID:2644
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa2df0cc40,0x7ffa2df0cc4c,0x7ffa2df0cc58

  C:\Program Files\Google\Chrome\Application\chrome.exe   PID:2456
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,3080415771722569923,5113123077071914395,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1872 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe   PID:3848
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,3080415771722569923,5113123077071914395,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2140 /prefetch:3

  C:\Program Files\Google\Chrome\Application\chrome.exe   PID:1808
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,3080415771722569923,5113123077071914395,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2516 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe   PID:2352
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,3080415771722569923,5113123077071914395,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3144 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe   PID:432
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,3080415771722569923,5113123077071914395,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3324 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe   PID:2356
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,3080415771722569923,5113123077071914395,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4616 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe   PID:2988
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5008,i,3080415771722569923,5113123077071914395,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4676 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe   PID:1508
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4632,i,3080415771722569923,5113123077071914395,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4640 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe   PID:4588
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4400,i,3080415771722569923,5113123077071914395,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4016 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe   PID:2336
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Windows\system32\svchost.exe   PID:1216
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 649B
MD5: dffff704ead354a8b878900ef06a58b4
SHA1: 1d0c883e6295e80840bfec965e9f9c5b27a8ecde
SHA256: 41d0e426412a6dc99ebbbd1434152680282cb481f6bf2daee9c7c57d2c7e61bd
SHA512: 82498fe4d8cf1c7368ac05c19905136713f2d36ff75058f765e76357522bc643529c9a5bae06816d4dbaccb027207eb85c7b9b73d3d75a8db8e90ef87f53436d

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 8KB
MD5: bfaedbf6e533ed0489b238f347db8b1c
SHA1: 920289d3e1999c08e783ad121d724f2376fba32a
SHA256: d29b3ccae2e7e5917462abf9df27ba7bbd50637ef24576cdbf4cac340371b712
SHA512: 0324d7bf696854720bbf665245eef74f764064d9c7b95463f8eb6797e9911c016d5b366f7a13c232f0e47bd1840398743dbb939b953cdf7eb4a14fac8d7018f4

Filesize: 9KB
MD5: fc7d42a4f3f69157c48c6b9db14cd8fe
SHA1: 5c5122e3694d3272d0d93acd3e34803e164a4c0c
SHA256: 3f86358fd0b3c89922847a6ee38a5c71f6718e7a548254aad3dbde3575be95d4
SHA512: d776a9968f75247e1d1ab09b9f5666a67eeaf362eedd509fdb403b5acf9d5557941c794645e8d4b1eb1d95bce2f4f73a482e21bbde6930b79bb0ad142515a3f3

Filesize: 9KB
MD5: ee5509d28753051d08307c90f15d3df3
SHA1: 12d672a4022cb54fbfa7ab2faf9812558e513bb9
SHA256: 7f81ce71165e6d890828edb4ee1babaa3cf4254be645d56a59da68b50c2dcf33
SHA512: d9ee62756911563527897cfea646fd75632225a594457750f7d115b7dda1a8fdc056043c02de02e61ab79f06afeb51a2ee50c241d4a16f417d5bd9f2a7fd999e

Filesize: 9KB
MD5: 7f26dc422d37c47a2bba708917f274f5
SHA1: 7fb95fcef99b517e13a68f36556cc6f14e598aaa
SHA256: 1360b781f0474a6e2cb0d68c647024315d00dde419f51601e57dca924eaed0fc
SHA512: 2f0260140b0ba098c6ce8bbb5b0817ff808db1b496d7023bfc5228eb5fb56a4a6db8aa09f7c5674e237f83f9caf345e8e0bb2120a7721c0cfaa093c4f1510e79

Filesize: 77KB
MD5: 4939498b7fd2427fc55cc8bb656d3681
SHA1: 7735232e1efcd1e7a525403a7cf291d3199e745e
SHA256: 6f775955cdfec96021faa77e577f0139d98347d73ba1dc595c1fb36b05d888d1
SHA512: 60c2e6d412452ecd54be4ecdaec0b293f4ee4379022e990694ae36cea89f02447a3440eab2a02f911927d976a80c2163506ded5c8d041d2d90e49e9487cc60a1

Filesize: 77KB
MD5: d82ae8852d3d838c38d0f82284f00fe2
SHA1: 49be68b03e3a0ba798fac3fd10d2daeb8a62076d
SHA256: 10f1786a29b6b1203e029ca3edf8eea457126b136a5cc09b27fc48603d24ad70
SHA512: c82d499d19e9c6452dd3187ae39ed96af65eb400d93a5416a47ebcfd527b8f2ab518681577d3c8f434c9f5f5962ad54ab72dc5e4c847da98ffde65bc9544adef