Analysis
max time kernel: 112s
max time network: 108s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 01:53
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://liveprivatevideo1z.viral2024.my.id
Resource: win10v2004-20240508-en

General
Target: http://liveprivatevideo1z.viral2024.my.id
Malware Config
Signatures

Enumerates system info in registry 2 TTPs 3 IoCs
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS 2 IoCs
  description        ioc                                                                                                      Process
  Set value (int)    \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617668284946744"   chrome.exe
  Key created        \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs
  pid    Process
  2476   chrome.exe
  2476   chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  pid    Process
  2476   chrome.exe
  2476   chrome.exe
  2476   chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://liveprivatevideo1z.viral2024.my.id
PID: 2476
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc001fab58,0x7ffc001fab68,0x7ffc001fab78
  PID: 3236

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1860,i,9538450235250775654,2651038620672345833,131072 /prefetch:2
  PID: 2648

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1860,i,9538450235250775654,2651038620672345833,131072 /prefetch:8
  PID: 4800

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2072 --field-trial-handle=1860,i,9538450235250775654,2651038620672345833,131072 /prefetch:8
  PID: 4536

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1860,i,9538450235250775654,2651038620672345833,131072 /prefetch:1
  PID: 4448

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1860,i,9538450235250775654,2651038620672345833,131072 /prefetch:1
  PID: 1616

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=1860,i,9538450235250775654,2651038620672345833,131072 /prefetch:1
  PID: 5088

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1860,i,9538450235250775654,2651038620672345833,131072 /prefetch:8
  PID: 4432

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=1860,i,9538450235250775654,2651038620672345833,131072 /prefetch:8
  PID: 5000

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
PID: 3140
Network
MITRE ATT&CK Enterprise v15
Downloads