Analysis
  max time kernel:   149s
  max time network:  140s
  platform:          windows10-2004_x64
  resource:          win10v2004-20240508-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         10/05/2024, 17:24
Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1
Sample:           https://support.cloudflare.com/hc/en-us?utm_medium=email&utm_source=transactional&utm_campaign=ca-update-ns
Resource:         win10v2004-20240508-en

General
  Target:  https://support.cloudflare.com/hc/en-us?utm_medium=email&utm_source=transactional&utm_campaign=ca-update-ns
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                              chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598354642324052"  chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid   process
  4508  chrome.exe  (4 entries)
  1860  chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   process
  4508  chrome.exe  (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   process
  Token: SeShutdownPrivilege        4508  chrome.exe  (32 entries)
  Token: SeCreatePagefilePrivilege  4508  chrome.exe  (32 entries)
  The report lists the two tokens in strict alternation, all from pid 4508.

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   process
  4508  chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  4508  chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   process     procid_target
  PID 4508 wrote to memory of 4008   4508  chrome.exe  80   (2 entries)
  PID 4508 wrote to memory of 608    4508  chrome.exe  81   (repeated)
  PID 4508 wrote to memory of 428    4508  chrome.exe  82   (2 entries)
  PID 4508 wrote to memory of 4584   4508  chrome.exe  83   (repeated)
  All 64 entries have pid 4508 (chrome.exe) as the writer; the writes into 608 and 4584 account for the remaining 60 entries.
Processes

The top-level chrome.exe is the browser launched against the submitted URL (--single-argument <target>); every process nested under it is a Chrome helper process that it spawned, identified by its --type= flag. elevation_service.exe is a second top-level process.

chrome.exe (PID 4508)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://support.cloudflare.com/hc/en-us?utm_medium=email&utm_source=transactional&utm_campaign=ca-update-ns
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  chrome.exe (PID 4008, child of 4508)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4ec4ab58,0x7ffc4ec4ab68,0x7ffc4ec4ab78

  chrome.exe (PID 608, child of 4508)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1952,i,17991534949628402551,3818807363060524047,131072 /prefetch:2

  chrome.exe (PID 428, child of 4508)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1952,i,17991534949628402551,3818807363060524047,131072 /prefetch:8

  chrome.exe (PID 4584, child of 4508)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1952,i,17991534949628402551,3818807363060524047,131072 /prefetch:8

  chrome.exe (PID 2900, child of 4508)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1952,i,17991534949628402551,3818807363060524047,131072 /prefetch:1

  chrome.exe (PID 1912, child of 4508)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1952,i,17991534949628402551,3818807363060524047,131072 /prefetch:1

  chrome.exe (PID 4332, child of 4508)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 --field-trial-handle=1952,i,17991534949628402551,3818807363060524047,131072 /prefetch:8

  chrome.exe (PID 1500, child of 4508)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1952,i,17991534949628402551,3818807363060524047,131072 /prefetch:8

  chrome.exe (PID 4588, child of 4508)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4168 --field-trial-handle=1952,i,17991534949628402551,3818807363060524047,131072 /prefetch:8

  chrome.exe (PID 2720, child of 4508)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1952,i,17991534949628402551,3818807363060524047,131072 /prefetch:8

  chrome.exe (PID 408, child of 4508)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1952,i,17991534949628402551,3818807363060524047,131072 /prefetch:8

  chrome.exe (PID 1860, child of 4508)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=952 --field-trial-handle=1952,i,17991534949628402551,3818807363060524047,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

elevation_service.exe (PID 1936)
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
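The two signature groups that look worst on paper, "Suspicious use of WriteProcessMemory" and "Modifies data under HKEY_USERS", can both be checked against data the report already contains. The script below is an added example, not part of the tria.ge report or of Chrome: it re-parses the flattened IoC text and the process tree exactly as printed above and asks whether every cross-process write is the browser process (4508) writing into a helper process it spawned with the same chrome.exe image, which is how Chromium initialises its --type= children, and it decodes the TraceTimeLast value as a Windows FILETIME. The process-tree list and the two chrome.exe/elevation_service.exe paths are transcribed from the page; the single counter-example write into PID 1936 is constructed here to show what a hit outside the browser's own tree would look like.

```python
"""Added example (not from the report): triage the signature hits using
only the report's own data.

1. WriteProcessMemory: does every write stay parent-to-own-child with the
   same image? For a browser that is the baseline; a write into a PID that
   is not the writer's child is what would merit follow-up.
2. TPM\\Telemetry\\TraceTimeLast: a FILETIME (100 ns ticks since
   1601-01-01 UTC). Decoding it shows it is simply the time of this run.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Distinct targets from the WriteProcessMemory IoC text, copied verbatim
# (the repeated entries for 608 and 4584 carry no extra information).
WPM_IOCS = (
    "PID 4508 wrote to memory of 4008 4508 chrome.exe 80 "
    "PID 4508 wrote to memory of 4008 4508 chrome.exe 80 "
    "PID 4508 wrote to memory of 608 4508 chrome.exe 81 "
    "PID 4508 wrote to memory of 428 4508 chrome.exe 82 "
    "PID 4508 wrote to memory of 4584 4508 chrome.exe 83 "
)

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
ELEVATION = r"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

# Process tree from the report: (pid, parent pid, image path, --type=).
# Top-level entries have no parent inside the capture; the rest are
# nested under 4508 on the page.
PROCESS_TREE = [
    (4508, None, CHROME, "browser"),
    (4008, 4508, CHROME, "crashpad-handler"),
    (608,  4508, CHROME, "gpu-process"),
    (428,  4508, CHROME, "utility"),
    (4584, 4508, CHROME, "utility"),
    (2900, 4508, CHROME, "renderer"),
    (1912, 4508, CHROME, "renderer"),
    (4332, 4508, CHROME, "utility"),
    (1500, 4508, CHROME, "utility"),
    (4588, 4508, CHROME, "utility"),
    (2720, 4508, CHROME, "utility"),
    (408,  4508, CHROME, "utility"),
    (1860, 4508, CHROME, "gpu-process"),
    (1936, None, ELEVATION, None),
]

TRACE_TIME_LAST = 133598354642324052  # TraceTimeLast value from the report

# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")


def parse_wpm(text):
    """Flattened IoC text -> list of (writer_pid, target_pid, image, procid_target)."""
    return [(int(w), int(t), img, int(pt)) for w, t, img, pt in WPM_RE.findall(text)]


def classify_writes(writes, tree):
    """Count writes whose target is a direct child of the writer running the
    same image versus writes that reach any other PID; return (Counter, offenders)."""
    by_pid = {pid: (ppid, image) for pid, ppid, image, _ in tree}
    verdicts, offenders = Counter(), []
    for writer, target, _img, _pt in writes:
        writer_image = by_pid.get(writer, (None, None))[1]
        target_ppid, target_image = by_pid.get(target, (None, None))
        if target_ppid == writer and target_image == writer_image:
            verdicts["parent-to-own-child"] += 1
        else:
            verdicts["outside-own-tree"] += 1
            offenders.append((writer, target))
    return verdicts, offenders


def filetime_to_datetime(ft):
    """Decode a Windows FILETIME (100 ns ticks since 1601-01-01) to aware UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


if __name__ == "__main__":
    verdicts, offenders = classify_writes(parse_wpm(WPM_IOCS), PROCESS_TREE)
    print(dict(verdicts), offenders)              # {'parent-to-own-child': 5} []
    print(filetime_to_datetime(TRACE_TIME_LAST))  # 2024-05-10 17:24:24.232405+00:00

    # Constructed counter-example (not from the report): the browser process
    # writing into elevation_service.exe, which is not one of its children.
    bad = parse_wpm("PID 4508 wrote to memory of 1936 4508 chrome.exe 99 ")
    print(classify_writes(bad, PROCESS_TREE)[1])  # [(4508, 1936)]
```

The decoded TraceTimeLast, 2024-05-10 17:24:24 UTC, coincides with the report's submission time, so the HKEY_USERS write records when the browser touched TPM telemetry during this run rather than anything the visited page did. The same parent-to-own-child check applied to every write in the report leaves nothing outside the chrome.exe tree.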
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1: 432B
  MD5     6448c8e4772250ac936f026fb953c2d6
  SHA1    37fd1ba58122c427f4ddadc2d078ba5dd3c38d1f
  SHA256  dfbc3eab5ad2fd4c3cfa2cdd32ce3fe93d3a107b34553977787c39985d5f7cad
  SHA512  64f38ddb3a6a267ef41be80f6194b5adbf98213966155acb7d824cce58afbf7e6cd81330461d64551159f87ae195fed7968ecaa6a21ffb0c83b2adb10ecc13b9

File 2: 3KB
  MD5     22097e489c00f0100960ad70c2c2d356
  SHA1    d7f6dce9d2d0d83182d1e39024ca4ffb1cbda8cd
  SHA256  20434854041792fe172ea03ee472320d16a513fac0671a68b6dd2a05fd183818
  SHA512  b1759cd8fb795c09871fcf83550d3ba859191a03a1e485236f2edf6da8408ece7b3363c9f3edc0acc75d013dad936189a06a86b944d30f621917a10ae476a81a

File 3: 2B
  MD5     d751713988987e9331980363e24189ce
  SHA1    97d170e1550eee4afc0af065b78cda302a97674c
  SHA256  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

File 4: 1KB
  MD5     df86675add1b718c4f90666735dc1e00
  SHA1    b40fe8f099ed186927f7ab5aa300bdb3bb4ec2ae
  SHA256  e197121298719ca479263ee81110087e9e902ece89252845292a2ce5f2cf713f
  SHA512  ad6d348f28725e9fdd882846314ccce3b849b8f355c54c8ff7911a8a850ed660923d86d59b9adfa00ae8b1e43a24bb9fd77d43a830ed04a562792b0addeb22bf

File 5: 7KB
  MD5     9ef2d4eaa3351222de47c8425d62b97e
  SHA1    3d85ffd14a964f68acfa039bb64542b0fdfa60e0
  SHA256  50fcf3ababcd1f83149f9220ec25386c4a99a78939035b9619b515a88725f801
  SHA512  9ad297cf9c6f8d00c0f0b2ce4bcc2d3ef83397c12e3fc8b58ab1cfea8991f6635b5fdfdd3acc8f22bc1a45d43241e842eb80565b0db217047a992e2f05323b9c

File 6: 257KB
  MD5     01807be23d713566411f7db107e726b8
  SHA1    9a76a3f0efae6ebfb36a5b5daf987aa897e5a2bf
  SHA256  1ec734cd25277fe07ec7e23f836b119e8fb1594c748ad6262b99842aad7b2cd4
  SHA512  a3f3eaf9062fd131fac5d346eafb6d9ca53e23373f6d525969c8f2e809c17aef544c11858cff6c8fb0298f170df588624b0b7e2ac8f23aaa5fcb8989079df808

File 7: 257KB
  MD5     9e5c1f9b8e2510fa30f3150f34ff77bb
  SHA1    af8c8414732ab1eae9923ee1fa141d1e9cf2d1b7
  SHA256  97ad8d80942aed28ef7109298eb6f1facca6def29d3f2035adee056f876ab653
  SHA512  2e56c94a38e6ba2e194ba847772e51d969c8a702332ae5c4d454da344a6e3076e6c82ef24306ad79002c2e025c45f11ea8f0e39aa80385a1938ef47cd57c4f2f

File 8: 257KB
  MD5     4e445601f67a4a4d2149338a7b677b9a
  SHA1    bf7ead2646cbd76851b79ec50af7a11c25d1ae40
  SHA256  8c7523355900e409f1eb44ff31bed4fb71d3d48ddaedf447686877b772bc142e
  SHA512  faf4eca9ba2667181a044fcd13f3cb7ae1cc8a1c9553bc2d8821e05f01e33b3da1533713a28b1e61001d32740b6f65c548942fc02a355d3b948e1cb168863b34

File 9: 94KB
  MD5     61894e85406cef87964c6fb1ccb02f76
  SHA1    a79512efb11ee7bbc73402397070355fc4130ef5
  SHA256  ba602da421236801a7eaf22c1463e3058693e8852a9a080ed326c8dc05a46906
  SHA512  442e8f3df683ece2fed2282b0ea6c23ee14a8901a46b4bf98be889d023971c2004b0e8cae13be062ebefae8451c89a4d71e84b66c62be6bc28bf1aa9e59b6b97

File 10: 91KB
  MD5     a9813b720651e5f26bd9527ecf809c6a
  SHA1    7bf8c69f1e4dd48e72e15b7a7e6752273db101f0
  SHA256  cc9c8e9507ed3e69694ca36a9be1f289e786cde54b9d082e944fd5bd93766e41
  SHA512  af6d9ec61efee64be6b684add200500085cfbb058e5fe857470e662df776cc849f7c3836eab2d85d84bb26478bbb753c525ab8c7cb72faba210b8154fb5ade0c
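The Downloads table gives hash quadruples with no paths or contents, so the first pass an analyst makes is a lookup against contents that are already known. The script below is an added example, not part of the tria.ge report: it carries the table's MD5 and SHA256 values as printed (all four digests for the 2-byte entry) and matches them against a small table of literal contents. That KNOWN_CONTENTS table is this example's own assumption, seeded with the one value it can prove offline: the 2-byte file's MD5, SHA1, SHA256 and SHA512 are exactly the digests of the JSON empty array "[]". Everything else stays "unknown" until a real known-good set is loaded.

```python
"""Added example (not from the report): identify dropped files by content
hash, using nothing but the report's Downloads table."""
import hashlib

ALGS = ("md5", "sha1", "sha256", "sha512")

# Entries copied from the report's Downloads section, in page order; the
# size is kept as displayed (exact only when the page shows bytes).
REPORT_FILES = [
    {"size": "432B", "md5": "6448c8e4772250ac936f026fb953c2d6",
     "sha256": "dfbc3eab5ad2fd4c3cfa2cdd32ce3fe93d3a107b34553977787c39985d5f7cad"},
    {"size": "3KB", "md5": "22097e489c00f0100960ad70c2c2d356",
     "sha256": "20434854041792fe172ea03ee472320d16a513fac0671a68b6dd2a05fd183818"},
    {"size": "2B", "md5": "d751713988987e9331980363e24189ce",
     "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
     "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d604"
               "0e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af"},
    {"size": "1KB", "md5": "df86675add1b718c4f90666735dc1e00",
     "sha256": "e197121298719ca479263ee81110087e9e902ece89252845292a2ce5f2cf713f"},
    {"size": "7KB", "md5": "9ef2d4eaa3351222de47c8425d62b97e",
     "sha256": "50fcf3ababcd1f83149f9220ec25386c4a99a78939035b9619b515a88725f801"},
    {"size": "257KB", "md5": "01807be23d713566411f7db107e726b8",
     "sha256": "1ec734cd25277fe07ec7e23f836b119e8fb1594c748ad6262b99842aad7b2cd4"},
    {"size": "257KB", "md5": "9e5c1f9b8e2510fa30f3150f34ff77bb",
     "sha256": "97ad8d80942aed28ef7109298eb6f1facca6def29d3f2035adee056f876ab653"},
    {"size": "257KB", "md5": "4e445601f67a4a4d2149338a7b677b9a",
     "sha256": "8c7523355900e409f1eb44ff31bed4fb71d3d48ddaedf447686877b772bc142e"},
    {"size": "94KB", "md5": "61894e85406cef87964c6fb1ccb02f76",
     "sha256": "ba602da421236801a7eaf22c1463e3058693e8852a9a080ed326c8dc05a46906"},
    {"size": "91KB", "md5": "a9813b720651e5f26bd9527ecf809c6a",
     "sha256": "cc9c8e9507ed3e69694ca36a9be1f289e786cde54b9d082e944fd5bd93766e41"},
]

# Assumed lookup table (this example's own, not the report's): literal
# contents small enough to hash inline. A real deployment would load a
# known-good hash set here instead.
KNOWN_CONTENTS = {
    b"[]": "JSON empty array",
    b"{}": "JSON empty object",
    b"": "empty file",
}


def digests(data: bytes) -> dict:
    """All four digests the report lists, computed for a byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def exact_size(shown: str):
    """'432B' -> 432; sizes the page rounds to KB/MB give None."""
    return int(shown[:-1]) if shown.endswith("B") and shown[:-1].isdigit() else None


def identify(entry: dict):
    """Label the entry if a known content reproduces every hash it carries
    (and its exact size when the page gives one); otherwise None."""
    present = [alg for alg in ALGS if alg in entry]
    if not present:
        raise ValueError("entry carries no hash to match on")
    size = exact_size(entry["size"])
    for content, label in KNOWN_CONTENTS.items():
        if size is not None and size != len(content):
            continue  # cheap reject before hashing
        d = digests(content)
        if all(entry[alg] == d[alg] for alg in present):
            return label
    return None


def triage(entries):
    """(size as shown, label or 'unknown') for each dropped file."""
    return [(e["size"], identify(e) or "unknown") for e in entries]


if __name__ == "__main__":
    for size, label in triage(REPORT_FILES):
        print(f"{size:>6}  {label}")  # only the 2B entry resolves: JSON empty array
```

Matching on every hash the entry carries, not just MD5, costs nothing and rules out a collision-based false match; the size check is only a shortcut. A 2-byte "[]" written under the Chrome profile is bookkeeping, not a payload, which is the point of resolving it before spending time on the larger entries.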