Analysis
max time kernel: 149s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/05/2024, 03:56
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://yunque.tv/msgnotice
Resource: win10v2004-20240508-en
General
Target: https://yunque.tv/msgnotice
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597870239640909" | chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid | Process
  4808 | chrome.exe
  4808 | chrome.exe
  4808 | chrome.exe
  4808 | chrome.exe
  2880 | chrome.exe
  2880 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  4808 | chrome.exe
  4808 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  64 entries, alternating Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, all from pid 4808 chrome.exe

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  26 entries, all pid 4808 chrome.exe

Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  24 entries, all pid 4808 chrome.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  64 entries, all of the form "PID 4808 wrote to memory of <target>" by 4808 chrome.exe; the targets are 4280 (procid_target 81), 1500 (procid_target 84), 2448 (procid_target 85) and 3872 (procid_target 86)
Processes

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://yunque.tv/msgnotice
  PID: 4808
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccc39ab58,0x7ffccc39ab68,0x7ffccc39ab78
      PID: 4280

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1800,i,8645268660728227273,7084224484874534459,131072 /prefetch:2
      PID: 1500

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1800,i,8645268660728227273,7084224484874534459,131072 /prefetch:8
      PID: 2448

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1800,i,8645268660728227273,7084224484874534459,131072 /prefetch:8
      PID: 3872

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1800,i,8645268660728227273,7084224484874534459,131072 /prefetch:1
      PID: 1732

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1800,i,8645268660728227273,7084224484874534459,131072 /prefetch:1
      PID: 1204

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4336 --field-trial-handle=1800,i,8645268660728227273,7084224484874534459,131072 /prefetch:8
      PID: 2200

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1800,i,8645268660728227273,7084224484874534459,131072 /prefetch:8
      PID: 4812

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1800,i,8645268660728227273,7084224484874534459,131072 /prefetch:8
      PID: 4488

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1800,i,8645268660728227273,7084224484874534459,131072 /prefetch:8
      PID: 1192

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1800,i,8645268660728227273,7084224484874534459,131072 /prefetch:8
      PID: 3052

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1800,i,8645268660728227273,7084224484874534459,131072 /prefetch:2
      PID: 2880
      - Suspicious behavior: EnumeratesProcesses

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 4876
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 2KB
MD5: 6d4851dc5c1fb2565315b4e48330f311
SHA1: 862e593d90354ac1e18c3b27f060312c2d0d8883
SHA256: 2ed2b7210a26f28e7d72ab70c1bc2c33af7c400040d0c0be0e6e337f27a29d75
SHA512: e211f032ee3d02a7ca19fbd6cab4ba755c058e0534f1c759785e46cc004070a5e6587c7859e9e69f8d1ece36d2b0cdf6d97d90b824ce30893a773854c7394c2e

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 524B
MD5: 2b147e6f9e6959a84e86e4fed787da85
SHA1: d06d90228a9d776dc88ef4167ccaf30803285074
SHA256: 817671f71562a401e9eac0abe6a7ba7a9a7992461c043df469cfff54391dfe72
SHA512: 830282619f9bf82c42388b565c01a253934aa8d9d2ad09b5302bba3a3b4a2ba9527d386c338f131c10336afdf01bb04eb3fd9b0cc1f1825a61c46cc12ab67151

Filesize: 7KB
MD5: b5ab5cce42cc9caf7c02df3ce5dc914e
SHA1: 15bf34e87f52817e92e910db1c0a1c92eee6ed8f
SHA256: b7d5c2d8af9e4bd8dc31899389bee51455ceeb9b2cdb208e14bc46ad09344f51
SHA512: 5449857e12c1a768bc23d96a2ea8b0ab70f77ea3ba4c0983c5730038df8a6a4c3dbc5bd9f2bf61495cc81e5bc7907150f61bcc57187c6366017873b8618a6e74

Filesize: 277KB
MD5: 5d64218f2ecc8304d4bf43871ce2f7e1
SHA1: 4865873dee3422122c6fa33ae619ea7087b4aa28
SHA256: 7176abd76f24af262d0b0b39744a4b5e831acd56e5f595cda69ad50065eb4189
SHA512: 1601f3f4088051f8714f66a48fbb01f621a20b2e03b8d924015d0084550970ea17ac8d040f49bcf31ac9488c3a32db246e0b93d4a07ea81abc9e154b613e8125

Filesize: 257KB
MD5: 0d8a922bdd4eac7e4e2093648fef3635
SHA1: 023432fcc497031549951c8d40723a3e16a30886
SHA256: 6e119502e44d0963350a07d05d836ba6e1760fa3a4a7354be1305eec5487154e
SHA512: 7f6be4c82aedae550695749ffb9555ad8686cbbb3ddcca1d4fa1682bb6f468be26eaf307f85b7f9f7c526871164ee162983f3729d3f63bfb2ff6b47b6553f98f

Filesize: 257KB
MD5: a2c182ca63d343238859ded079c7c874
SHA1: 71610511139439cf5e57e7eb348a4391596da574
SHA256: d3597462b4667beef578c2e469e3acaa178a1cf25a8fabed22aa0fb0a075cbbb
SHA512: 54ad0276ce9756fce9b7970fe99066e61937fdf0c30fe3d97e3e274d09390203360f0b2bf9b03b0db23a8876331953b2baaadc1d7f94fd19adfab7a733ad6df6

Filesize: 257KB
MD5: ba3172ae907a1090a86032294045a9f3
SHA1: 21644deda9a968cc13dba749820b8e752082fd6a
SHA256: df8182e2bc88f90778831470505e921ae7b5e984f3cba6b5ab85da15756e3413
SHA512: 0406dcc9ef08af463db3245b0c164d9b95389b443d5d7e4edc294f52300a2edd80a94ce17e668e7bbcd03d00e88e8af0863c13ad1eaca9bd0ba3dd35709d2992

Filesize: 91KB
MD5: 8a3edb403d3023cb8bf0b3958d6776d2
SHA1: 4bbd1fb56229a596b80cc0bfb15c005995ddf8c7
SHA256: 6c82390a8f31f116fd02cb3176f5885d05eaa4b787315df63a8d2b17cc42cae8
SHA512: 522a4cdb579d462d39e613219f32cf184b5fa235576e4d4ba5fe9d21bd1c681e789a4ffabc053e7a7677418f648b48bae941e31a784d5915916308def7a6ac76

Filesize: 88KB
MD5: ab77df521c1ec9b6e6527d5b839c272d
SHA1: 1e06db2854f2241eadeeceae3615a84974bee968
SHA256: ec754d69548042d2d725da861511b7c875f729ea652b0634d6d08a2a9f5f5d4f
SHA512: 2e288a9d9b542ab0a4a5753bc67d48c3ce7b531873970ebfa275888271f9f8eb619f4ee62fb1c78e62d7857b5c35ea2600f7ddfc8c61ce01aad65bb21b1b7545