Analysis
max time kernel: 300s
max time network: 297s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/05/2024, 19:27
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://jardinssecrets-terrassesbois.blogspot.com/
Resource: win10v2004-20240508-en

General
Target: http://jardinssecrets-terrassesbois.blogspot.com/
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613116571632721" | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
5060 | chrome.exe
5060 | chrome.exe
4788 | chrome.exe
4788 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid | Process
5060 | chrome.exe
5060 | chrome.exe
5060 | chrome.exe
5060 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
The 64 entries alternate between the following two rows:
Token: SeShutdownPrivilege | 5060 | chrome.exe
Token: SeCreatePagefilePrivilege | 5060 | chrome.exe

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
5060 | chrome.exe (all 26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
5060 | chrome.exe (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
The 64 entries are repeats of the following rows, in this order:
PID 5060 wrote to memory of 3080 | 5060 | chrome.exe | 82
PID 5060 wrote to memory of 2376 | 5060 | chrome.exe | 83
PID 5060 wrote to memory of 3224 | 5060 | chrome.exe | 84
PID 5060 wrote to memory of 2384 | 5060 | chrome.exe | 85
Processes

chrome.exe (PID 5060, depth 1)
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://jardinssecrets-terrassesbois.blogspot.com/
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

chrome.exe (PID 3080, depth 2)
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dd7eab58,0x7ff8dd7eab68,0x7ff8dd7eab78

chrome.exe (PID 2376, depth 2)
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1860,i,14982061649119732686,3691166949070303791,131072 /prefetch:2

chrome.exe (PID 3224, depth 2)
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1860,i,14982061649119732686,3691166949070303791,131072 /prefetch:8

chrome.exe (PID 2384, depth 2)
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1860,i,14982061649119732686,3691166949070303791,131072 /prefetch:8

chrome.exe (PID 4936, depth 2)
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1860,i,14982061649119732686,3691166949070303791,131072 /prefetch:1

chrome.exe (PID 5068, depth 2)
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1860,i,14982061649119732686,3691166949070303791,131072 /prefetch:1

chrome.exe (PID 2924, depth 2)
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4256 --field-trial-handle=1860,i,14982061649119732686,3691166949070303791,131072 /prefetch:1

chrome.exe (PID 3672, depth 2)
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1860,i,14982061649119732686,3691166949070303791,131072 /prefetch:8

chrome.exe (PID 212, depth 2)
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1860,i,14982061649119732686,3691166949070303791,131072 /prefetch:8

chrome.exe (PID 4232, depth 2)
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1560 --field-trial-handle=1860,i,14982061649119732686,3691166949070303791,131072 /prefetch:1

chrome.exe (PID 4788, depth 2)
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1860,i,14982061649119732686,3691166949070303791,131072 /prefetch:2
Signatures:
- Suspicious behavior: EnumeratesProcesses

elevation_service.exe (PID 1164, depth 1)
Path: C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 360B
MD5: 12901d8fd5a611803419c2560d557b97
SHA1: 761d8dd72a5d6120ad1f0697a44039e0010879ca
SHA256: 0b557dfc00af0de98e3a87a5849c2f7e9ee37a53079308fe9000fe950019d7f3
SHA512: e8753f726b7c359552f7a8c1a3a6d7d2a02f1dc9b19a1f12a2edc02450d8c14badb5b933c634f0c34f3dc711c6baa0892bafc6176bf0c261dd23353403bf4fcf

Filesize: 216B
MD5: e39100439a94d7d47940eb011f2227cf
SHA1: eca789a8364cb779da70c0622c239186e28ce4d5
SHA256: 1d64236c2286100ddb382c39b167d42e09933fdaed9e6b59148b8000b33e4136
SHA512: fa81256ef443eb3b0eb07efc1408fd7b5ea4404a8f169151c759825a8b4b2d5067423614a8a580cd1d8ef682499e74611a066b4a16a35b3df54d904b43e5d72b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\41bfbbb9-f98f-4182-af2a-47248e0e032f.tmp
Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 3KB
MD5: 08ae08a21fdbc83e301844af97981d31
SHA1: 41e8c80844a9d80aeb78729752043668b0b5f51b
SHA256: d365a1ee7d683314ed53e94f0b3cc4fe9e5a51a38a5ee1c412ff0262a4a6e9f8
SHA512: 6050c166d9eabbfdfb5d670fc6be7c65330f69aa2c6c1eae18d050afcb60572e17bad422a10e31e107e7ac76eba3a5873528b7d39cd3dbbfd25e893cbf425dfb

Filesize: 3KB
MD5: ed08ae5ddf1ec5075a72760579ee7dce
SHA1: 2a18e95b0b3935444b62638e9e6e7e7f24ce667d
SHA256: ab11f64ec2d0fc8801c32cee564b4b86a2a62fd48332e8c861911346d5f29abb
SHA512: cab84293fecb523711abdc52ccec3e0b8f2d170c25d587ce4f989dd64ef57db02f3d743364c0c2a9bd25f00f7b5fe6e4a1404690b7905c2a82448ff12385bc1c

Filesize: 859B
MD5: 9f21040ee7ae3f71a5c9057d58f385f9
SHA1: b7c2249a803c6ff18b2af85910cc5f4df9c1b60e
SHA256: e728839066773343f7e77856122a3cea50d62f73f9c50aea8152bddbb61fbe1f
SHA512: 01a97926c611b2b3e523f9707546e10792206d05e27775b0aa177ac33b2daef4120a54dce1c23af24ba55bcbae67bc8bb299eeab16fe5f40c6199488e5d85724

Filesize: 524B
MD5: 5cb85c27b5526f9b59f6f9c4b3b0bb6c
SHA1: 13f5dcea07e2b5a3de0fbbf2deb5b40d61c03360
SHA256: fab317b137c7d19bc777155499eda4459725dd98ec14bd89f260aa71d47295e9
SHA512: 6fb8606290023898ee092d2a3ea784d4a41b0cbabcdd93dec981bb089357f7640e6d5f8c830875f6fb5562d38bc29c880d2f1739031c50196d8e39b0a322d8eb

Filesize: 7KB
MD5: 3f26621ed9662d529eba8d4bbd8b6d3c
SHA1: e109416f49853fcb2a5ec2337f1170e7bb011bbc
SHA256: daaf08c7f063a41b733a42c5831f2a0353eef741085d342e13a53b79c6cb9405
SHA512: d161248928b536fbdf66bf4fdf4e65ead5e1ce9a7eafc4ebf666c4f7965522d4c90dfc4165cec7df228b901765ab7772a6a1d5b9b826614350dafb0726bba555

Filesize: 7KB
MD5: 3d865fe16bb13053d33ab85e4121ff6c
SHA1: 3edc6748b134921158a50ca5953dd9cfe7cd6cfc
SHA256: df8688b0178aee9b5d2ba932f61b8a8341d6bcee5a0e0715879908fb7f169371
SHA512: 360dd7f76db57b32f0cdb92a8bc761a97c56fb6eb6f6bb1adef0e10138a3b0e2c6a6d5ffc26f797c583b97f62f8ddeb40aab153eb85d20fbdb3267693b6126d2

Filesize: 129KB
MD5: db16b5e97828f8d98fbd50d4c0bfbb99
SHA1: eb8764ddab68410cf483e0c731f9b7fd3c89743d
SHA256: 06a404c309d5f828605a695fd416a764fac889a22832fece876ee24ace3b2d9a
SHA512: 9fe3befb8871ba2df5f19c933b5ea992fbd540215e36d4b269d7f3a16950e31e1ca4b31a36de4d679316e2f9babf55abe433d1fbb3db9f157388bf85fbcee6c8