Analysis
max time kernel: 599s
max time network: 485s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/06/2024, 10:19
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://skinchanger.app/valorant-skin-changer/
Resource: win10v2004-20240426-en
General
Target: https://skinchanger.app/valorant-skin-changer/
Malware Config
Signatures
Every hit below is raised on chrome.exe, the browser the sandbox launched to open the target URL (PIDs 3740 and 4480); no other process image appears in any IoC.
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                   Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619716953535765"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process     rows
  3740  chrome.exe  2
  4480  chrome.exe  2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process     rows
  3740  chrome.exe  2

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   Process     rows
  Token: SeShutdownPrivilege        3740  chrome.exe  32
  Token: SeCreatePagefilePrivilege  3740  chrome.exe  32
  (the report lists the two tokens alternately, 64 rows in all)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process     rows
  3740  chrome.exe  26

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     rows
  3740  chrome.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target  rows
  PID 3740 wrote to memory of 3296   3740  chrome.exe  82             2
  PID 3740 wrote to memory of 3904   3740  chrome.exe  84             repeated
  PID 3740 wrote to memory of 1032   3740  chrome.exe  85             2
  PID 3740 wrote to memory of 692    3740  chrome.exe  86             repeated
  (the 3904 and 692 rows together account for the remaining 60 of the 64 entries)
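The two largest tables above (WriteProcessMemory and AdjustPrivilegeToken) are long runs of repeated rows, and the only thing an analyst needs from them is the set of distinct (writer, target) pairs and whether any target or privilege falls outside what a browser launch normally produces. The Python below is an added example for reading this kind of report, not tria.ge's own code. It parses the flattened text layout into counts and applies two triage rules: writes into a PID whose image differs from the writer's (or is absent from the process tree), and token adjustments that enable a privilege from a small list of abuse-prone ones. The sample strings are constructed from a few rows copied from the report plus one made-up row per table (a write to PID 9999 and a SeDebugPrivilege entry, neither of which is in the report) so that the rules have something to flag; the regular expressions are assumptions about the page's text layout, and PROCESS_TREE is copied from the Processes section.

```python
"""Collapse the flattened signature tables of a tria.ge report into counts.

Added example, not tria.ge's own code. The regular expressions are
assumptions about the text layout of the "Suspicious use of
WriteProcessMemory" and "Suspicious use of AdjustPrivilegeToken" tables.
"""
import re
from collections import Counter

# Constructed sample: six rows copied from the WriteProcessMemory table,
# plus one made-up row (target PID 9999) that is NOT in the report.
WRITE_PROCESS_MEMORY = (
    "PID 3740 wrote to memory of 3296 3740 chrome.exe 82 "
    "PID 3740 wrote to memory of 3296 3740 chrome.exe 82 "
    "PID 3740 wrote to memory of 3904 3740 chrome.exe 84 "
    "PID 3740 wrote to memory of 3904 3740 chrome.exe 84 "
    "PID 3740 wrote to memory of 3904 3740 chrome.exe 84 "
    "PID 3740 wrote to memory of 692 3740 chrome.exe 86 "
    "PID 3740 wrote to memory of 9999 3740 chrome.exe 90"   # made up
)

# Constructed sample: three rows in the AdjustPrivilegeToken layout plus
# one made-up SeDebugPrivilege row that is NOT in the report.
ADJUST_PRIVILEGE_TOKEN = (
    "Token: SeShutdownPrivilege 3740 chrome.exe "
    "Token: SeCreatePagefilePrivilege 3740 chrome.exe "
    "Token: SeShutdownPrivilege 3740 chrome.exe "
    "Token: SeDebugPrivilege 3740 chrome.exe"                # made up
)

# PID -> image name, copied from the Processes section of the report.
PROCESS_TREE = {
    3740: "chrome.exe", 3296: "chrome.exe", 3904: "chrome.exe",
    1032: "chrome.exe", 692: "chrome.exe", 4124: "chrome.exe",
    4384: "chrome.exe", 3508: "chrome.exe", 368: "chrome.exe",
    4480: "chrome.exe", 2108: "elevation_service.exe",
}

# Privileges whose enabling deserves a second look. The two the report
# shows (SeShutdownPrivilege, SeCreatePagefilePrivilege) are not among them.
SENSITIVE_PRIVILEGES = {
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeImpersonatePrivilege", "SeAssignPrimaryTokenPrivilege",
    "SeBackupPrivilege", "SeRestorePrivilege", "SeTakeOwnershipPrivilege",
}

# Row layouts as rendered on the page (assumed):
#   "PID <src> wrote to memory of <dst> <pid> <image> <procid_target>"
#   "Token: <privilege> <pid> <image>"
WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
TOKEN_ROW = re.compile(r"Token: (Se\w+) (\d+) (\S+)")


def count_writes(text):
    """Counter keyed by (writer_pid, target_pid, writer_image, procid_target)."""
    counts = Counter()
    for src, dst, pid, image, target_id in WPM_ROW.findall(text):
        assert src == pid  # the description column repeats the writer's PID
        counts[(int(src), int(dst), image, int(target_id))] += 1
    return counts


def count_tokens(text):
    """Counter keyed by (privilege, pid, image)."""
    return Counter((priv, int(pid), image)
                   for priv, pid, image in TOKEN_ROW.findall(text))


def cross_image_writes(counts, tree):
    """Writes whose target is not a process with the writer's own image.

    A browser writing into its freshly spawned child processes (all
    chrome.exe here) is ordinary launch behaviour; a target outside the
    tree, or running a different image, is what should be surfaced.
    """
    flagged = []
    for (src, dst, image, _), n in counts.items():
        if tree.get(dst) != tree.get(src, image):
            flagged.append((src, dst, tree.get(dst, "<unknown>"), n))
    return flagged


def sensitive_tokens(counts):
    """Token adjustments that enable a privilege from SENSITIVE_PRIVILEGES."""
    return sorted((priv, pid, image, n) for (priv, pid, image), n in counts.items()
                  if priv in SENSITIVE_PRIVILEGES)


if __name__ == "__main__":
    writes = count_writes(WRITE_PROCESS_MEMORY)
    for key, n in sorted(writes.items()):
        print(f"{key}: {n} rows")
    print("cross-image writes:", cross_image_writes(writes, PROCESS_TREE))
    print("sensitive tokens:", sensitive_tokens(count_tokens(ADJUST_PRIVILEGE_TOKEN)))
```

Run against the report's real tables the two rule functions return empty lists: every write target is a chrome.exe child listed in the process tree, and the only privileges touched are SeShutdownPrivilege and SeCreatePagefilePrivilege.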
Processes

chrome.exe (PID 3740), browser process, tree depth 1
  Image:   C:\Program Files\Google\Chrome\Application\chrome.exe
  Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://skinchanger.app/valorant-skin-changer/
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  All children below run the same image, C:\Program Files\Google\Chrome\Application\chrome.exe, at tree depth 2.

  chrome.exe (PID 3296), --type=crashpad-handler
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab1d4ab58,0x7ffab1d4ab68,0x7ffab1d4ab78

  chrome.exe (PID 3904), --type=gpu-process
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1784,i,11118467359091489490,16270764971006870980,131072 /prefetch:2

  chrome.exe (PID 1032), --type=utility, network.mojom.NetworkService
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1784,i,11118467359091489490,16270764971006870980,131072 /prefetch:8

  chrome.exe (PID 692), --type=utility, storage.mojom.StorageService
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1784,i,11118467359091489490,16270764971006870980,131072 /prefetch:8

  chrome.exe (PID 4124), --type=renderer (first renderer process)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1784,i,11118467359091489490,16270764971006870980,131072 /prefetch:1

  chrome.exe (PID 4384), --type=renderer
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1784,i,11118467359091489490,16270764971006870980,131072 /prefetch:1

  chrome.exe (PID 3508), --type=utility, chrome.mojom.ProcessorMetrics
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1784,i,11118467359091489490,16270764971006870980,131072 /prefetch:8

  chrome.exe (PID 368), --type=utility, chrome.mojom.UtilWin
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1784,i,11118467359091489490,16270764971006870980,131072 /prefetch:8

  chrome.exe (PID 4480), --type=gpu-process (GPU sandbox disabled, GL disabled)
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=996 --field-trial-handle=1784,i,11118467359091489490,16270764971006870980,131072 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

elevation_service.exe (PID 2108), tree depth 1
  Image:   C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Command: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize 120B
  MD5     7d6c713e66ae0643d3dbb00b88e75bb9
  SHA1    ef005bddbe023293b9655fdeb94f27af67684bd1
  SHA256  d3b7dec8b3bd6368f5b30ca0b923573ad53cc568e5d37bcdbedfb0d5e215a758
  SHA512  fca0923645353ad171f8b250db368716e3a99250478d74f182f0785e260474a28deb0e17a9e5a6d8d368321f232818258b3bc790dc67b9e5be2ba593855046a4

Filesize 1KB
  MD5     b3f6593a6ba4a72b3f67a6b15550149f
  SHA1    6b0da62825040db413a9958a35c4b90098515399
  SHA256  dfa0c2d13539951e5546a4835218e92b597d48c72dc38bf5277b50c7a091293c
  SHA512  927645bc31625dc54084bcefb99ff54c0af7c0a8af96a4d3833cd599d481642c6c457893aff1f3e5f7a4f47160fb0b07cfda8535fc662c7ce69c805c9c6ee327

Filesize 2B
  MD5     d751713988987e9331980363e24189ce
  SHA1    97d170e1550eee4afc0af065b78cda302a97674c
  SHA256  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize 522B
  MD5     80e48432e1fa3e3f1edbc83545ccd244
  SHA1    1cf5549190ca27f837e2bfb1e7170b6d18c500f1
  SHA256  b6c3c008617a9d018791ddcab6eae70f5030a8c0930c70a90fc604537c13f5eb
  SHA512  81f8f5f11f499ea584f5f01ef59a2d107a5185eac7a0fe026bafc0ae8cba5bc7b406df16828b846cc4da05b63815bbda74dafc2578fd7f756602a1cc4807e7d9

Filesize 7KB
  MD5     0537ecdac7046d399e1f55f5b371aab1
  SHA1    b0bcf8f1651f5ffc2841a8bff9b885be191c2f68
  SHA256  019f35b71bebb4979df3593725fc25c4efbf40079571aa3463393f17fb3d0a4d
  SHA512  cf2e6db824b5eaf01cf31671dfba81ef94fe8c6f9419e10740106acc473f82ecd85a6bb015dcb4d76777141176938c6a753615dad8084b3a7c0dabceb08acaba

Filesize 130KB
  MD5     0e5dbdbd60b10d53eb8d3cdde97bdc04
  SHA1    00140bd955154e3aa005c905fe67e467281b934b
  SHA256  58ad90f9f2cc29b196654af712e407d62ce89b5206d235f57fbd4e57417c2eb5
  SHA512  0cd75270651f2e64c1264657e86e376fe2b784e886c45931491886757c1e8041ca0deba01d06260c201ba3b0c8819b3eefad8b9e1b39ea0bb39f51582749d247
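The Downloads section gives only sizes and digests, so the quickest way to tell browser housekeeping files from a real payload is to hash a few candidate contents and see which entries they account for. The Python below is an added example for this report, not tria.ge's code: it copies the six hash triples from the section above, computes MD5, SHA-1 and SHA-256 of a handful of assumed candidate contents (the tiny JSON bodies browser profile files commonly hold), and reports a match only when all three digests agree, so that a collision in one algorithm cannot yield a false identification. The candidate list is an assumption; anything unmatched stays unidentified and would need the file itself.

```python
"""Identify small sandbox download artifacts by matching all three digests.

Added example, not tria.ge's own code. DOWNLOADS is copied from the
report's Downloads section; KNOWN_CONTENTS is an assumed candidate list.
"""
import hashlib

# (size as shown in the report, md5, sha1, sha256), copied from the report.
DOWNLOADS = [
    ("120B", "7d6c713e66ae0643d3dbb00b88e75bb9",
     "ef005bddbe023293b9655fdeb94f27af67684bd1",
     "d3b7dec8b3bd6368f5b30ca0b923573ad53cc568e5d37bcdbedfb0d5e215a758"),
    ("1KB", "b3f6593a6ba4a72b3f67a6b15550149f",
     "6b0da62825040db413a9958a35c4b90098515399",
     "dfa0c2d13539951e5546a4835218e92b597d48c72dc38bf5277b50c7a091293c"),
    ("2B", "d751713988987e9331980363e24189ce",
     "97d170e1550eee4afc0af065b78cda302a97674c",
     "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"),
    ("522B", "80e48432e1fa3e3f1edbc83545ccd244",
     "1cf5549190ca27f837e2bfb1e7170b6d18c500f1",
     "b6c3c008617a9d018791ddcab6eae70f5030a8c0930c70a90fc604537c13f5eb"),
    ("7KB", "0537ecdac7046d399e1f55f5b371aab1",
     "b0bcf8f1651f5ffc2841a8bff9b885be191c2f68",
     "019f35b71bebb4979df3593725fc25c4efbf40079571aa3463393f17fb3d0a4d"),
    ("130KB", "0e5dbdbd60b10d53eb8d3cdde97bdc04",
     "00140bd955154e3aa005c905fe67e467281b934b",
     "58ad90f9f2cc29b196654af712e407d62ce89b5206d235f57fbd4e57417c2eb5"),
]

# Assumed candidates: bodies that tiny browser-profile JSON files often have.
KNOWN_CONTENTS = {
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
    "empty file": b"",
}


def digests(data):
    """Lower-case hex (md5, sha1, sha256) of data, the three the report lists."""
    return tuple(hashlib.new(name, data).hexdigest()
                 for name in ("md5", "sha1", "sha256"))


def identify(downloads, known=KNOWN_CONTENTS):
    """Map each entry's SHA-256 to the matching known-content name, or None.

    A match requires the MD5, SHA-1 and SHA-256 from the report to all equal
    the digests of the candidate body; matching on one algorithm alone would
    let a single-algorithm collision mislabel a file.
    """
    by_digests = {digests(body): name for name, body in known.items()}
    result = {}
    for _size, md5, sha1, sha256 in downloads:
        key = (md5.lower(), sha1.lower(), sha256.lower())
        result[sha256.lower()] = by_digests.get(key)
    return result


def unidentified(downloads, known=KNOWN_CONTENTS):
    """Entries (size, sha256) that no candidate explains; these need the file."""
    ids = identify(downloads, known)
    return [(size, sha256) for size, _md5, _sha1, sha256 in downloads
            if ids[sha256.lower()] is None]


if __name__ == "__main__":
    for size, _md5, _sha1, sha256 in DOWNLOADS:
        print(f"{size:>6}  {sha256[:16]}...  {identify(DOWNLOADS)[sha256] or 'unidentified'}")
```

On this report the 2-byte entry resolves to the empty JSON array "[]"; the other five stay unidentified and cannot be classified from the hash list alone.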