Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-es
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-es, locale:es-es, os:windows10-2004-x64, system, windows
- submitted: 16/05/2024, 05:42

Static task: static1
Behavioral task: behavioral1
- Sample: AxoPac.html
- Resource: win10v2004-20240426-es
General
- Target: AxoPac.html
- Size: 167B
- MD5: 473fa6e0518db89024ac1d0908d913f7
- SHA1: 51de951c9f666d183aad40ddf501eec4dd64844c
- SHA256: 00d4d4d23726eff65661e62bb07e86069926df44f231e9f260359b61244a03d7
- SHA512: af05b2cc2cf7537b3327a2096dc9e1d7d915da54f733939af2505bbbac1688706f6658a69bba1bee32f3ab7adf1f84728746350ffad7fefbf05d0edfea8cbc4c
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133603117841311234" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Distinct entries (each listed twice):
pid | Process
1896 | chrome.exe
3800 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
Distinct entries (listed twice):
pid | Process
1896 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Distinct entries (the 64 IoCs alternate between these two):
description | pid | Process
Token: SeShutdownPrivilege | 1896 | chrome.exe
Token: SeCreatePagefilePrivilege | 1896 | chrome.exe
Suspicious use of FindShellTrayWindow (34 IoCs)
Distinct entries (all 34 IoCs are identical):
pid | Process
1896 | chrome.exe
Suspicious use of SendNotifyMessage (32 IoCs)
Distinct entries (all 32 IoCs are identical):
pid | Process
1896 | chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Distinct entries (each repeated for every write to the same target):
description | pid | Process | procid_target
PID 1896 wrote to memory of 4256 | 1896 | chrome.exe | 82
PID 1896 wrote to memory of 1384 | 1896 | chrome.exe | 85
PID 1896 wrote to memory of 2728 | 1896 | chrome.exe | 86
PID 1896 wrote to memory of 4628 | 1896 | chrome.exe | 87
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1896)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\AxoPac.html
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4256)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7493ab58,0x7ffa7493ab68,0x7ffa7493ab78
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1924,i,4474810111977271134,8953220330983142646,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2728)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1924,i,4474810111977271134,8953220330983142646,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4628)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1924,i,4474810111977271134,8953220330983142646,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5016)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1924,i,4474810111977271134,8953220330983142646,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2672)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1924,i,4474810111977271134,8953220330983142646,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2036)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1924,i,4474810111977271134,8953220330983142646,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4484)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1924,i,4474810111977271134,8953220330983142646,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3800)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=980 --field-trial-handle=1924,i,4474810111977271134,8953220330983142646,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 3968)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads