Analysis
max time kernel: 25s
max time network: 22s
platform: windows11-21h2_x64
resource: win11-20240426-en
resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 08/05/2024, 16:45
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win11-20240426-en
General
Target: http://google.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596603788729085" | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
4904 | chrome.exe
4904 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
4904 | chrome.exe
4904 | chrome.exe
4904 | chrome.exe
Suspicious use of AdjustPrivilegeToken (50 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 4904 | chrome.exe (row repeated 25 times, alternating with the row below)
Token: SeCreatePagefilePrivilege | 4904 | chrome.exe (row repeated 25 times)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
4904 | chrome.exe (row repeated 26 times)
Suspicious use of SendNotifyMessage (12 IoCs)
pid | Process
4904 | chrome.exe (row repeated 12 times)
Suspicious use of WriteProcessMemory (64 IoCs; distinct rows shown once, each recurring, all from PID 4904 chrome.exe)
description | pid | Process | procid_target
PID 4904 wrote to memory of 1264 | 4904 | chrome.exe | 78
PID 4904 wrote to memory of 3512 | 4904 | chrome.exe | 81
PID 4904 wrote to memory of 2136 | 4904 | chrome.exe | 82
PID 4904 wrote to memory of 1404 | 4904 | chrome.exe | 83
Processes (indentation shows the process tree depth)

C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 4904)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 1264)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa5cadab58,0x7ffa5cadab68,0x7ffa5cadab78

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 3512)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1772,i,17153432531489283853,8597890597526875340,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2136)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1772,i,17153432531489283853,8597890597526875340,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 1404)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1772,i,17153432531489283853,8597890597526875340,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2912)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1772,i,17153432531489283853,8597890597526875340,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 4064)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1772,i,17153432531489283853,8597890597526875340,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 4932)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3784 --field-trial-handle=1772,i,17153432531489283853,8597890597526875340,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 4356)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1772,i,17153432531489283853,8597890597526875340,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 3212)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1772,i,17153432531489283853,8597890597526875340,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID: 1656)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads