Analysis
  max time kernel:   209s
  max time network:  191s
  platform:          windows10-2004_x64
  resource:          win10v2004-20240508-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         23/05/2024, 16:29

  Static task:      static1
  URLScan task:     urlscan1
  Behavioral task:  behavioral1
    Sample:    https://Roblox.com
    Resource:  win10v2004-20240508-en

General
  Target:          https://Roblox.com
  Malware Config:  (none)
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Note: SystemManufacturer and SystemProductName are the two BIOS values most often read to fingerprint a virtual machine or sandbox. Here the reader is the browser process (PID 1724, see the process tree), so treat the hit as context for the rest of the report rather than as evidence on its own.

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                        process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609554154664675"  chrome.exe
  Note: S-1-5-19 is the well-known SID for NT AUTHORITY\LOCAL SERVICE. The value is a 64-bit FILETIME (100 ns ticks since 1601-01-01) consistent with the submission date.

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   process
  1724  chrome.exe  (x2)
  4360  chrome.exe  (x2)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid   process
  1724  chrome.exe  (x3)
  Note: the parent created new processes with the "block non-Microsoft binaries" process-creation mitigation set, i.e. it is hardening its own children against foreign DLL loads; the children in this report are all chrome.exe.

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  All 64 entries are PID 1724 chrome.exe, alternating between Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege.

Suspicious use of FindShellTrayWindow (26 IoCs)
  All 26 entries: PID 1724 chrome.exe.

Suspicious use of SendNotifyMessage (24 IoCs)
  All 24 entries: PID 1724 chrome.exe.

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries are PID 1724 chrome.exe writing into its own child processes. The trailing number in each raw record is the report's procid_target column. Distinct targets:
  source PID  target PID  procid_target  target process (from the process tree)
  1724        2416        84             chrome.exe --type=crashpad-handler  (x2)
  1724        848         85             chrome.exe --type=gpu-process
  1724        772         86             chrome.exe --type=utility (network.mojom.NetworkService)  (x2)
  1724        2084        87             chrome.exe --type=utility (storage.mojom.StorageService)
  Note: Chromium's Windows sandbox broker writes into its freshly created children while setting them up, so a browser process writing to its own descendants is expected. The pattern worth escalating is a write whose target is not a descendant of the writer.
Processes

chrome.exe, PID 1724, depth 1 (root; launched by the sandbox with the target URL)
  image:   C:\Program Files\Google\Chrome\Application\chrome.exe
  cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://Roblox.com
  signatures:
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  chrome.exe, PID 2416, depth 2 (child of 1724): crashpad handler; the annotation gives the build as Chrome 110.0.5481.104
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf58eab58,0x7ffdf58eab68,0x7ffdf58eab78

  chrome.exe, PID 848, depth 2 (child of 1724): GPU process
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1804,i,15060536068262089857,4523399049013985472,131072 /prefetch:2

  chrome.exe, PID 772, depth 2 (child of 1724): network service utility, started with --service-sandbox-type=none
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1804,i,15060536068262089857,4523399049013985472,131072 /prefetch:8

  chrome.exe, PID 2084, depth 2 (child of 1724): storage service utility
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1804,i,15060536068262089857,4523399049013985472,131072 /prefetch:8

  chrome.exe, PID 3096, depth 2 (child of 1724): first renderer, renderer-client-id=6
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1804,i,15060536068262089857,4523399049013985472,131072 /prefetch:1

  chrome.exe, PID 4896, depth 2 (child of 1724): renderer, renderer-client-id=5
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1804,i,15060536068262089857,4523399049013985472,131072 /prefetch:1

  chrome.exe, PID 2932, depth 2 (child of 1724): renderer, renderer-client-id=7
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4272 --field-trial-handle=1804,i,15060536068262089857,4523399049013985472,131072 /prefetch:1

  chrome.exe, PID 208, depth 2 (child of 1724): ProcessorMetrics utility, --service-sandbox-type=none
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1804,i,15060536068262089857,4523399049013985472,131072 /prefetch:8

  chrome.exe, PID 4424, depth 2 (child of 1724): UtilWin utility, --service-sandbox-type=none
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1804,i,15060536068262089857,4523399049013985472,131072 /prefetch:8

  chrome.exe, PID 4360, depth 2 (child of 1724): second GPU process, relaunched with --disable-gpu-sandbox and --use-gl=disabled (vendor id 4318 is 0x10DE, NVIDIA)
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1804,i,15060536068262089857,4523399049013985472,131072 /prefetch:2
    signatures:
      - Suspicious behavior: EnumeratesProcesses

elevation_service.exe, PID 3964, depth 1 (separate root, no parent shown in the tree)
  image:   C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  cmdline: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
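The WriteProcessMemory signature lists 64 writes from PID 1724 into four other PIDs, and the process tree shows all four are its own children. The script below is an added example, not part of the Triage report or of any Triage tooling: it parses the flattened IoC records in the report's own layout, collapses the repeats, and applies the check a reviewer actually wants, whether any target lies outside the writer's descendants. The process table and the first six events are copied from this report; the event targeting PID 9999 (explorer.exe) and that process entry are constructed here purely to exercise the alert path and do not appear in the report.

```python
"""Parse Triage-style 'Suspicious use of WriteProcessMemory' IoC records and
flag writes whose target is not a descendant of the writer.

Added example, not part of the Triage report. The process table and the
first six events come from the report; PID 9999 / explorer.exe is constructed
for this example only.
"""
import re
from collections import Counter

# One flattened record looks like:
#   "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<procid>\d+)"
)

# pid -> (image, parent pid). Depth-2 chrome.exe entries in the report's tree
# are children of the depth-1 chrome.exe (PID 1724). PID 9999 is constructed.
PROCESSES = {
    1724: ("chrome.exe", None),
    2416: ("chrome.exe", 1724),   # crashpad-handler
    848:  ("chrome.exe", 1724),   # gpu-process
    772:  ("chrome.exe", 1724),   # network service
    2084: ("chrome.exe", 1724),   # storage service
    3964: ("elevation_service.exe", None),
    9999: ("explorer.exe", None),  # constructed, not in the report
}

# Constructed input in the report's flattened layout: a subset of the 64
# report entries plus one constructed foreign write (target 9999) at the end.
SAMPLE = (
    "description pid Process procid_target "
    "PID 1724 wrote to memory of 2416 1724 chrome.exe 84 "
    "PID 1724 wrote to memory of 2416 1724 chrome.exe 84 "
    "PID 1724 wrote to memory of 848 1724 chrome.exe 85 "
    "PID 1724 wrote to memory of 848 1724 chrome.exe 85 "
    "PID 1724 wrote to memory of 772 1724 chrome.exe 86 "
    "PID 1724 wrote to memory of 2084 1724 chrome.exe 87 "
    "PID 1724 wrote to memory of 9999 1724 chrome.exe 99"
)


def parse_wpm(text):
    """Return (src_pid, dst_pid, image, procid_target) for every record in text."""
    return [(int(m["src"]), int(m["dst"]), m["image"], int(m["procid"]))
            for m in WPM_RE.finditer(text)]


def summarize(events):
    """Collapse repeated records into (src, dst) -> count."""
    return Counter((src, dst) for src, dst, _, _ in events)


def is_descendant(pid, ancestor, procs):
    """True if `ancestor` appears on pid's parent chain (cycle-safe)."""
    seen = set()
    while pid is not None and pid not in seen:
        seen.add(pid)
        parent = procs.get(pid, (None, None))[1]
        if parent == ancestor:
            return True
        pid = parent
    return False


def foreign_writes(events, procs):
    """Writes into a process that is not a descendant of the writer."""
    out = []
    for src, dst, image, _ in events:
        if not is_descendant(dst, src, procs):
            out.append((src, image, dst, procs.get(dst, ("<unknown>", None))[0]))
    return out


if __name__ == "__main__":
    evs = parse_wpm(SAMPLE)
    for (src, dst), n in sorted(summarize(evs).items()):
        print(f"{src} -> {dst}: {n} write(s)")
    for src, image, dst, dst_image in foreign_writes(evs, PROCESSES):
        print(f"ALERT: {image} ({src}) wrote into non-child {dst_image} ({dst})")
```

Run against the full signature text of a report, the summary step is what turns 64 near-identical rows into a handful of parent/child pairs; the foreign-write check is what separates Chromium bootstrapping its sandboxed children from a process writing into something it did not create.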
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 255KB
MD5:    5b2abf26ac38e898d0d94b3a7704cec4
SHA1:   8cf3fdcd5c0af2577dbb620860afd26bf988eb37
SHA256: e26e99c22fba176b9294d57f7c1982cd8873dfbb2129dc5f80d9abded893d41c
SHA512: 376424c3596681e64b544ef31400993c835ceaddb36e46835dea7b0a6a45c247bfb44463c86a59c837a2763828536b1a88fba247b7cd05a29a6ed9a108a7f0b7

Filesize: 2KB
MD5:    03a7ea60c38314374deb0b4e88aa2eef
SHA1:   1374f933feeffb012bcb0e4711cb53f638e72fc1
SHA256: daf5dea7ef006b6f81cbce19c41bbbc0f287d001017e857c895b7583dfe17116
SHA512: c4dcb1098a96f42d4ea07a93d93187e0a5f23c1cb4c4952b3ab905afbc14f565f9ac2d0c8e5324ecdc1e8482cebe9d174965d9b575adb0d7195c93d1f0ef0bba

Filesize: 3KB
MD5:    8dfc6d17c534e8b90e061cdc4ebfef7c
SHA1:   7deaa4361e63112caaa4b311fb5b821b413b86c2
SHA256: f77f979ca061188b65fa7523e9cd4cc07fa5f8e7201cd1f174bad22f6a2e4720
SHA512: 64cb09bfe4ba6a9537434706a04fb13c8223f385c0ebd582e6b394c3da845b067feb4456d080f8f0f6802b52427e4e101c8b61855ab9d7562323e7447e566a5f

Filesize: 3KB
MD5:    fb6db0fdd9abcf22a6abf012500d9937
SHA1:   338482d5958019c43db0ab2c83d51b2b35ff0441
SHA256: 5a5726016ff4e2091ffc0f970e83ff22e4f8303835653a72717462e8bbad35cb
SHA512: fb0b4db5b172f739b1457dc40aa8379106880d812b249a003d92195658dddaa20f0b9ee74e0886ff831bc64fe392a757a49ef51906cfd97888eb48b1a2d14683

Filesize: 2B (these are the well-known digests of the two-byte string "[]", an empty JSON array)
MD5:    d751713988987e9331980363e24189ce
SHA1:   97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 1KB
MD5:    82c3faa455475806f77ed030d07da9e1
SHA1:   6f46e35fa584de8efab634f9203759f1503fe1d4
SHA256: 11bcb87bdb2ebd3def51a843b2bd7df87bec0be3be2c35e022b8e35c4b35fe61
SHA512: e49e6e4b4420e9c136aa56064b794b1d590155d97057791af8a910b39aa280e2653bec5b25b2c9584e642374bf7750fb216db179d6a9a143cd3b5c63003f6e2c

Filesize: 1KB
MD5:    2aaf709e6a6d9651869a29d03f2f85b9
SHA1:   615263226196908475d4f3ffa34cca89b99c4eaa
SHA256: 32bbde0e5ea50a58b86628f5329afb58730d64b75cc80250fbf07df21b2b38f2
SHA512: cf2584568d501b4386399409a55e4dfbc730644ea3d3ace13a8b625d4026801e79f7b12c74a25d568d06947384022b3376b28ccb579eaca195fb7de9c011cf96

Filesize: 1KB
MD5:    3455662b711e579bdfe34e98d92862b0
SHA1:   5f3258e552675bada9540c591cddede2e693e170
SHA256: 9d53ca66e008d9db994c86eab139c30c8a4bd06872970591a6c1abb06a05ec0b
SHA512: 202e97f936e03cb871ad970596ac637f923f6a27e7b4cf2841f3e81867e08d0c9a7ad3f5372052e3348045e1fe89ccc75b8893793cde5c7affac82f1bd99afdf

Filesize: 1KB
MD5:    c86c477d34bcbc3f01b6111c6c975683
SHA1:   e0243a62513ea7fa03932050f08a167b804e5b15
SHA256: e1894246de004a32df99fba5231493b60e0829b5c041c37823e117b720abf303
SHA512: d95e3f4c806e2f24c8582bbb48dfeda06f847eac99dcaad5577ea40350f00559ad0117f5ba3e1b8eca948e8ca2ea872fe6a7ddffec924d13f10eef05a2571a3b

Filesize: 7KB
MD5:    636c150d1a3271e34a19f13bbf484e1d
SHA1:   d1cc9d8f8633abfc2c4eb2f140dddf73197012df
SHA256: b6d2a0fe0f0e00c51fc7919e4ca5b21081e0b8201c8e7138ce0bf6e95ab7d9fa
SHA512: f48e78d0b490b411e293b46c3bfe13d506a3311ee246cb84e6ce9137c1fbbb615237c964dcadf4f438c0784021a655443820f931122d537493a2174c1883241e

Filesize: 7KB
MD5:    f068d3e6cf3c77f5d7eff5f855bc6756
SHA1:   da697164127d6f8e7819be882f53429b469a48fd
SHA256: 634b8fa53d3d8478c7d2f2380985d104b7454c6f651c3ff906be46e0aeb87c21
SHA512: 2fe4da51c95612c7dbc71890b50e666076dc38b7e3388e686d8db8fbb20b6c1fd24f00b159e95dde8cf5448afb1cffa69c0117f369d0f1fc236f9823baf4323f