Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/05/2024, 12:43
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://9oxuf.r.ag.d.sendibm3.com/mk/cl/f/sh/1t6Af4OiGsEafzIACjG7nP2WsCjwqT/7kssbjclZD-n
Resource: win10v2004-20240426-en
General
Target: https://9oxuf.r.ag.d.sendibm3.com/mk/cl/f/sh/1t6Af4OiGsEafzIACjG7nP2WsCjwqT/7kssbjclZD-n
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601642414038969" | chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
4036 | chrome.exe
4036 | chrome.exe
1344 | chrome.exe
1344 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
pid | Process
4036 | chrome.exe
4036 | chrome.exe
4036 | chrome.exe
4036 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4036)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://9oxuf.r.ag.d.sendibm3.com/mk/cl/f/sh/1t6Af4OiGsEafzIACjG7nP2WsCjwqT/7kssbjclZD-n
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1536)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec5a2ab58,0x7ffec5a2ab68,0x7ffec5a2ab78

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2888)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1888,i,14381247471045422250,1334988783679939479,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5116)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1888,i,14381247471045422250,1334988783679939479,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3944)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1888,i,14381247471045422250,1334988783679939479,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3816)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1888,i,14381247471045422250,1334988783679939479,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2344)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1888,i,14381247471045422250,1334988783679939479,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4460)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4276 --field-trial-handle=1888,i,14381247471045422250,1334988783679939479,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4948)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4448 --field-trial-handle=1888,i,14381247471045422250,1334988783679939479,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3244)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 --field-trial-handle=1888,i,14381247471045422250,1334988783679939479,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3532)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1888,i,14381247471045422250,1334988783679939479,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1344)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=928 --field-trial-handle=1888,i,14381247471045422250,1334988783679939479,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 4644)
Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads