Analysis
max time kernel: 37s
max time network: 47s
platform: windows10-2004_x64
resource: win10v2004-20240508-es
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-es, locale:es-es, os:windows10-2004-x64, system:windows
submitted: 15/05/2024, 18:17
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://qrqdqd.clicks.mlsend.com/tl/c/eyJ2Ijoie1wiYVwiOjg3MzQ5MCxcImxcIjoxMjA5ODQ0NzA0MTk0MDgyMzMsXCJyXCI6MTIwOTg0NTAxMDk1NDk5MTY1fSIsInMiOiI2OTRlYTVkMmUzZWI2YjU1In0
Resource: win10v2004-20240508-es
General
Target: https://qrqdqd.clicks.mlsend.com/tl/c/eyJ2Ijoie1wiYVwiOjg3MzQ5MCxcImxcIjoxMjA5ODQ0NzA0MTk0MDgyMzMsXCJyXCI6MTIwOTg0NTAxMDk1NDk5MTY1fSIsInMiOiI2OTRlYTVkMmUzZWI2YjU1In0
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133602706818026376" (chrome.exe)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
Suspicious behavior: EnumeratesProcesses (2 IoCs)
- pid 1748 chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
- pid 1748 chrome.exe (3 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
- 64 entries, all from pid 1748 chrome.exe, alternating Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege
Suspicious use of FindShellTrayWindow (26 IoCs)
- pid 1748 chrome.exe (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
- pid 1748 chrome.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
- PID 1748 wrote to memory of 2900: pid 1748 chrome.exe, procid_target 82 (2 entries)
- PID 1748 wrote to memory of 2172: pid 1748 chrome.exe, procid_target 83
- PID 1748 wrote to memory of 412: pid 1748 chrome.exe, procid_target 84 (2 entries)
- PID 1748 wrote to memory of 2736: pid 1748 chrome.exe, procid_target 85
- (the remaining 60 entries are repeats of the 2172 and 2736 rows)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1748)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://qrqdqd.clicks.mlsend.com/tl/c/eyJ2Ijoie1wiYVwiOjg3MzQ5MCxcImxcIjoxMjA5ODQ0NzA0MTk0MDgyMzMsXCJyXCI6MTIwOTg0NTAxMDk1NDk5MTY1fSIsInMiOiI2OTRlYTVkMmUzZWI2YjU1In0
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2900)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff847d6ab58,0x7ff847d6ab68,0x7ff847d6ab78
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2172)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1884,i,9256422413529275645,3207491174567104114,131072 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 412)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1884,i,9256422413529275645,3207491174567104114,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2736)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1884,i,9256422413529275645,3207491174567104114,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4896)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1884,i,9256422413529275645,3207491174567104114,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4864)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1884,i,9256422413529275645,3207491174567104114,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2996)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4252 --field-trial-handle=1884,i,9256422413529275645,3207491174567104114,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3816)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4440 --field-trial-handle=1884,i,9256422413529275645,3207491174567104114,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4980)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1884,i,9256422413529275645,3207491174567104114,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 1876)
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 2KB
  MD5: d6df9855a3c238aa8bfe4481697d0f30
  SHA1: 91534aad4eae1d88e314a20ed31d2585bb4a330e
  SHA256: 8fa9d30917cf20e9500df939b843d210e36d5cd44bb1ef3ebac09f7831692353
  SHA512: 4ef53a9409281c0030fbb00e66f59498fcd682e617f7f61de8301bcaee099effc98344a25d9e957026650e78bd1e7a39a698ab79fb3eb075d1260600ccdbec74
- Filesize: 1KB
  MD5: 75ee8919793df60944fc8bb59f571985
  SHA1: 1d89e02039171f94f7fb70d8678c0840c3663992
  SHA256: e468b3ed666eaa5251062cf57a133bfa41f09de134ab32f17f15bd43d37d7d0c
  SHA512: 56d5ad0c94b2e35e953f516f9a6f93d27335cf400fedd69e608e9b9982e3503a7c6188f93f0a7dd7b36f414f5bc0d2d0d07db605f896ef5c80ec1128165ea3b2
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 1024B
  MD5: 74ee8bfe0a60e3f0a240e4a116d57e9a
  SHA1: 219c30eb7059242400f5752600e14f52316382fd
  SHA256: 97c2e567b7da000a02acf02112fdbb393f9d1ff18f1350b76ee476a181a5c0cd
  SHA512: 9bef39438e278746e9061963fc582036a5117c3372278e69f4721fd302ebce8a583421a731b4bb8010cd8fd009e10f05d029c1e7aaaf482b2c882ba9673b9847
- Filesize: 1KB
  MD5: 02afd37472325d77153e509cee011428
  SHA1: 3ec5ec13cae03d14d534d28b540ebd103e78fd4c
  SHA256: 5736b2bd2f6f8462d0dc46ad77fc8a5ea5e9024d3b2062636dff3e9ae17cf6f3
  SHA512: b64b6e39d08bfa8905a364713f91e587973395dd38243b1890cc37eec885a949ff4e4d5611c0e24d24cb87f145fc411644601e495b64f8c104729720c364a5c7
- Filesize: 7KB
  MD5: 30e0644cd46ade81e3bf7a16deb4a8ae
  SHA1: e455794bc1e2cfe57bc4635fc6df197313668755
  SHA256: 68a73ed22e9e15a851e1c94cf972ed0f02e8fd47d15379b4305a59cc94b56246
  SHA512: be5aaa3991e223a6693f8abb527739149bb62e767bcdf593896aca46b7b95b621ea08b4385b37373aa66553a7a560872b109ec475b0b83a5da07dcb00dfaf4cf
- Filesize: 255KB
  MD5: 1e1318b8e577fcc4c1be0b26287612b8
  SHA1: 37f8c965745874b86a897c1b55dec37eeb977813
  SHA256: ec22cf112349a792456180dde5884c1d6411f5af4d0a8a93eb950ee80ce3122d
  SHA512: a7044c734f31ba8e9d8cba7d10f8cbc8bda359b25434f77bb48ce61784216d24bda008e4089cbeae3de1a08a68a6ed0f1374c4622737f510ae831c430d572b8d