Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 07:56
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://95.110.157.172
Resource: win10v2004-20240508-en
General
Target: http://95.110.157.172
Malware Config
Signatures
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Three network flows to api.ipstack.com were observed while Chrome rendered the submitted URL:
flow  ioc
34    api.ipstack.com
36    api.ipstack.com
42    api.ipstack.com
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                        Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                         chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName       chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer      chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description      ioc                                                                                                      Process
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618750059487091"  chrome.exe
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid   Process
4072  chrome.exe
4072  chrome.exe
388   chrome.exe
388   chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
Child-process creation with the block-non-Microsoft-binaries mitigation policy set; both entries are the browser process spawning its own children.
pid   Process
4072  chrome.exe
4072  chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
The 64 entries strictly alternate between the two tokens below, all from the same process:
description                        pid   Process     entries
Token: SeShutdownPrivilege         4072  chrome.exe  32
Token: SeCreatePagefilePrivilege   4072  chrome.exe  32
Suspicious use of FindShellTrayWindow 26 IoCs
pid   Process     entries
4072  chrome.exe  26
Suspicious use of SendNotifyMessage 24 IoCs
pid   Process     entries
4072  chrome.exe  24
Suspicious use of WriteProcessMemory 64 IoCs
All 64 entries are writes by the browser process 4072 into four target PIDs. Those targets are chrome.exe's own crashpad-handler (5000), GPU (1788), network-service (4236) and storage-service (1704) children in the process list below, so the writes are consistent with Chrome's normal child-process startup rather than injection into a foreign process.
description                        pid   Process     procid_target  entries
PID 4072 wrote to memory of 5000   4072  chrome.exe  82             2
PID 4072 wrote to memory of 1788   4072  chrome.exe  83             repeated
PID 4072 wrote to memory of 4236   4072  chrome.exe  84             2
PID 4072 wrote to memory of 1704   4072  chrome.exe  85             repeated
Processes
Top-level processes are listed flush left; each child of the browser process (PID 4072) is indented below it.

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4072, browser process)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://95.110.157.172
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5000, crashpad handler)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08d0ab58,0x7ffd08d0ab68,0x7ffd08d0ab78

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1788, GPU process)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1604,i,8930557925524807843,5887269069193555317,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4236, network service)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1604,i,8930557925524807843,5887269069193555317,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1704, storage service)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1604,i,8930557925524807843,5887269069193555317,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1772, first renderer)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2804 --field-trial-handle=1604,i,8930557925524807843,5887269069193555317,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2856, renderer)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1604,i,8930557925524807843,5887269069193555317,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2876, ProcessorMetrics utility)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 --field-trial-handle=1604,i,8930557925524807843,5887269069193555317,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3256, UtilWin utility)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 --field-trial-handle=1604,i,8930557925524807843,5887269069193555317,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 388, second GPU process, launched with the GPU sandbox disabled)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=988 --field-trial-handle=1604,i,8930557925524807843,5887269069193555317,131072 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 2792, top level)
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
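The check that turns this report's WriteProcessMemory entries from "suspicious" into "expected" is whether every target is a child the writer itself spawned, with the same image. The script below is an added example, not part of the tria.ge report; it parses the flattened IoC text in the report's own "PID A wrote to memory of B A image procid" shape and cross-references it against the process list above (parent PIDs are inferred from the tree depth shown there, which is an assumption about how the page renders the tree). The `WPM_IOCS` text is an abbreviated copy of the report's entries; any write to a process that is not the writer's own chrome.exe child is flagged for triage.

```python
import re

# Abbreviated copy of the report's "Suspicious use of WriteProcessMemory" entries
# (the report repeats these four targets 64 times in total).
WPM_IOCS = """
PID 4072 wrote to memory of 5000 4072 chrome.exe 82
PID 4072 wrote to memory of 1788 4072 chrome.exe 83
PID 4072 wrote to memory of 4236 4072 chrome.exe 84
PID 4072 wrote to memory of 1704 4072 chrome.exe 85
"""

# (pid, parent_pid, image, role) transcribed from the report's process list.
# Assumption: level-2 entries are children of the level-1 chrome.exe 4072.
PROCESSES = [
    (4072, None, "chrome.exe", "browser"),
    (5000, 4072, "chrome.exe", "crashpad-handler"),
    (1788, 4072, "chrome.exe", "gpu-process"),
    (4236, 4072, "chrome.exe", "utility network.mojom.NetworkService"),
    (1704, 4072, "chrome.exe", "utility storage.mojom.StorageService"),
    (1772, 4072, "chrome.exe", "renderer"),
    (2856, 4072, "chrome.exe", "renderer"),
    (2876, 4072, "chrome.exe", "utility chrome.mojom.ProcessorMetrics"),
    (3256, 4072, "chrome.exe", "utility chrome.mojom.UtilWin"),
    (388, 4072, "chrome.exe", "gpu-process (no GPU sandbox)"),
    (2792, None, "elevation_service.exe", "elevation service"),
]

# writer pid, target pid, writer pid again, writer image, procid_target
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_wpm(text):
    """Return (writer_pid, target_pid, writer_image, procid_target) tuples from flattened IoC text."""
    return [(int(w), int(t), img, int(pt)) for w, t, img, pt in WPM_RE.findall(text)]


def classify_writes(iocs, processes):
    """Split writes into 'own_child' (writer is the target's parent and both share an image,
    i.e. ordinary child-process setup) and 'foreign' (anything else: a target that is not the
    writer's child, has a different image, or is absent from the process list)."""
    by_pid = {pid: (parent, image, role) for pid, parent, image, role in processes}
    own_child, foreign = [], []
    for writer, target, writer_image, _ in iocs:
        parent, target_image, role = by_pid.get(target, (None, None, "not in process list"))
        bucket = own_child if (parent == writer and target_image == writer_image) else foreign
        bucket.append((writer, target, role))
    return own_child, foreign


def summarize(text=WPM_IOCS, processes=PROCESSES):
    """Distinct target PIDs per bucket; an empty 'foreign' list means nothing needs triage."""
    own_child, foreign = classify_writes(parse_wpm(text), processes)
    return {
        "own_child_targets": sorted({t for _, t, _ in own_child}),
        "foreign_targets": sorted({t for _, t, _ in foreign}),
    }


if __name__ == "__main__":
    print(summarize())
```

Run against the report's own data the foreign list is empty; feed it a constructed line such as a write from 4072 into 2792 (elevation_service.exe, which is not its child) and that target is flagged, which is the case where the signature would deserve a closer look.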
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 144B
MD5: fc17658b043151496188c73924199c84
SHA1: bbfa2ae7421ae1b5f889d321d2d9af5424e8be96
SHA256: a0929e48ab832db8bfb674e69e8e66b972d3be246398dd6d2cfe0322f8dd2519
SHA512: b6c96ff7b48dc3eb677ab2a522ddba52bff5e7130afbde4411bcc3d926b12734f4833a8a66351cacbe1cdd57f1488ffce71d893b01c0a8da64beb96aaa60106c

Filesize: 2KB
MD5: 68045ecfa85c81d76c9d782a39294411
SHA1: ffd075eb196e8072161b6cd8d33e2c63789f2606
SHA256: 12231b511d5b7500a8bdf65231c87ed4833ea619ac54b3fed0eb6edf2e32a95a
SHA512: 4bfe3ed934eee4a84daca25d0dde745bf8c7fa25ab5c7aafbe2c2bb0e1a9e0c566611725dcc683c53971c4e649bac1cede23502875ae4d7b78441e381a5da429

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 524B
MD5: 036ec34c50aacfcb6fccde69d4b05487
SHA1: be4593a6f6a7554ea0038eb77ab491634926552d
SHA256: 538607cd0ce64de78d7aeec90bc2b34de23664a0ffffb9582c5bd05ae7c39e85
SHA512: 18492e4cebea7693a9ffe38a7addd57f78a35922022704004e2961dccafcc1bdbfdd13863b4aaa5c375ecbf9822649ec7490e4c2b649d5bb33baa9f999bed296

Filesize: 7KB
MD5: e544bd4ad9d8d81cef73ac2726e2370e
SHA1: 4d1a1161f00e5093e0b33871d46c6cb21c2cbdd7
SHA256: 7a0b59b476bd9c707413f95b12626d04af363da80087409b8b93fe74b11623a2
SHA512: 403f584219ee016966ad41873e8c241746ef339d6de5b8dc0b461a66a73d559b27f122187da2a1bca555c249b9de0cb5072d4380179fc3284650ebba459e99f3

Filesize: 7KB
MD5: aeef177f650dda3377125ba0cc51aaff
SHA1: 910ef061424b4520a87ea586d50b50e009fa72c0
SHA256: 71b3de98859430f397fbcb298e87800c95f0bded3f4eda940df700da8841dae5
SHA512: d538b78f9f70ad78923e86c10232a14ebb819822666f1386af80a64a44e09515c963bc40527db4bdde99e93af0c134d0acdb021acc2554a2ebecf605d345598f

Filesize: 129KB
MD5: 68fa830c0c89c3024af0ad0376ec0982
SHA1: 54363957ce932d3dbbf3f367ef700a553c839a3c
SHA256: c5114443c0225eb6812f05771d1399bb0be147ef96923793876e054229608c96
SHA512: c58ad7275fcaf30bd9d71dd17f38c89618b9efe4ef3381b82cb46a1ed46e9bbe5cbe075a80f119a9e469430f9542f82f3b37b5262ff400ca91c5be8d9d49a18d
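The report lists the downloads by size and digest only, so matching a locally recovered file against an entry, or identifying a tiny artifact by trying plausible contents, is a routine step. The script below is an added example and not part of the tria.ge report; it carries over the size, MD5, SHA1 and SHA256 of the two smallest entries above (SHA512 is dropped only to keep the table short), gates on size before hashing, and treats a partial digest match as an error rather than a hit, since all digests of one entry describe the same file. The candidate byte strings for the 2-byte download are constructed guesses.

```python
import hashlib

# Size and digests transcribed from the report's Downloads section (two of the seven entries).
REPORT_DOWNLOADS = [
    {"size": 144,
     "md5": "fc17658b043151496188c73924199c84",
     "sha1": "bbfa2ae7421ae1b5f889d321d2d9af5424e8be96",
     "sha256": "a0929e48ab832db8bfb674e69e8e66b972d3be246398dd6d2cfe0322f8dd2519"},
    {"size": 2,
     "md5": "d751713988987e9331980363e24189ce",
     "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"},
]

ALGOS = ("md5", "sha1", "sha256")


def digests(data: bytes) -> dict:
    """Compute every digest the report lists for a blob."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def match_report(data: bytes, entries=REPORT_DOWNLOADS):
    """Return the entry whose size and all listed digests match `data`, else None.
    Size is checked first so most candidates never get hashed; a partial digest match
    means the transcribed entry is inconsistent and is raised instead of accepted."""
    d = None
    for entry in entries:
        if entry["size"] != len(data):
            continue
        d = d or digests(data)
        hits = [algo for algo in ALGOS if entry[algo] == d[algo]]
        if len(hits) == len(ALGOS):
            return entry
        if hits:
            raise ValueError(f"partial digest match on {hits}: reported hashes disagree")
    return None


# Constructed guesses for what a 2-byte file fetched alongside a web page might contain.
CANDIDATES = [b"[]", b"{}", b"\r\n", b"OK", b"\x00\x00", b"0\n"]


def identify_small_artifact(entries=REPORT_DOWNLOADS, candidates=CANDIDATES):
    """Brute-force which candidate reproduces a report entry; returns (candidate, entry) pairs."""
    found = []
    for candidate in candidates:
        entry = match_report(candidate, entries)
        if entry is not None:
            found.append((candidate, entry))
    return found


if __name__ == "__main__":
    for candidate, entry in identify_small_artifact():
        print(f"{candidate!r} reproduces the {entry['size']}-byte download")
```

Only one candidate matches: the 2-byte download hashes to the JSON empty array `[]`, which is the kind of empty API response a page script might fetch, rather than a payload. The same `match_report` call works for a file carved from a packet capture or the sandbox's dropped-file archive.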