Analysis
max time kernel: 150s
max time network: 145s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 10/05/2024, 04:57
Static task: static1
Behavioral task: behavioral1
Sample: sample.html
Resource: win10-20240404-en
General
Target: sample.html
Size: 31KB
MD5: 6459137264e968b48af0ccf23ed3a141
SHA1: a635794b176f202f851edeeaf32b27ea9c7e95c0
SHA256: 374dc46360fa562d934ee7b54173a766d40ecac30abc1bf97d6130b0cf248dc5
SHA512: c2f56874b8f70dcec8d4a11f573954697d59551db6c23afcb6802f0e82933e4df96a5df57c3db42c070dc2750d0aed28267a5c677ce620ec09e39a280959bfe0
SSDEEP: 192:6/FOC6gBVtFK1pTEcbEogYoO31WBTsZ0LVobGD4meTG6h8FDgAXt6tZpPUgmL+v/:bulF6Rz1WR9obGD4mw2MCg
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597906619490608" | chrome.exe
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | Process
  3560 | chrome.exe (2 rows)
  3284 | chrome.exe (2 rows)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  3560 | chrome.exe (2 rows)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 3560 | chrome.exe
  Token: SeCreatePagefilePrivilege | 3560 | chrome.exe
  (these two rows alternate throughout the listing; every row is pid 3560 chrome.exe)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  3560 | chrome.exe (26 identical rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3560 | chrome.exe (24 identical rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3560 wrote to memory of 2200 | 3560 | chrome.exe | 73
  PID 3560 wrote to memory of 3900 | 3560 | chrome.exe | 75
  PID 3560 wrote to memory of 4892 | 3560 | chrome.exe | 76
  PID 3560 wrote to memory of 3748 | 3560 | chrome.exe | 77
  (each distinct row is repeated in the listing; the targets 2200 and 4892 appear twice each, 3900 and 3748 many times)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3560)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2200), crashpad handler
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff978cb9758,0x7ff978cb9768,0x7ff978cb9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3900), GPU process
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1692,i,2604791411090766458,7075296317909585972,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4892), network service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1692,i,2604791411090766458,7075296317909585972,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3748), storage service
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1692,i,2604791411090766458,7075296317909585972,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 168), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1692,i,2604791411090766458,7075296317909585972,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3404), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1692,i,2604791411090766458,7075296317909585972,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4952), ProcessorMetrics utility
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1692,i,2604791411090766458,7075296317909585972,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4840), UtilWin utility
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1692,i,2604791411090766458,7075296317909585972,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3284), GPU process (second instance, GPU sandbox disabled, GL disabled)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2364 --field-trial-handle=1692,i,2604791411090766458,7075296317909585972,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 3844)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads