Analysis
max time kernel: 149s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 05/06/2024, 14:23
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://t.yesware.com/t/ccdc4f3720506a3b25fe8c87fb747b9d71679011/212e03f5d72fcb19709fe8ce12a93a93/spacer.gif
Resource: win10v2004-20240426-en

General
Target: https://t.yesware.com/t/ccdc4f3720506a3b25fe8c87fb747b9d71679011/212e03f5d72fcb19709fe8ce12a93a93/spacer.gif
Malware Config
Signatures

Every signature below is attributed to chrome.exe (PID 2408) or one of the helper processes it spawned; the sandbox launched that browser itself to open the submitted URL. Nothing is attributed to content fetched from the target, and the behaviours listed are consistent with a normal Chrome launch rather than with the URL's payload (a 1x1 tracking pixel served by a mail-tracking service).

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                       process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                     chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620710279739455"  chrome.exe
  S-1-5-19 is the LOCAL SERVICE account. The value is a Windows FILETIME; 133620710279739455 decodes to 2024-06-05 14:23:48 UTC, which matches the submission time above (the submitted date is therefore day/month/year, 5 June 2024).

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid   process     events
  2408  chrome.exe  4
  2328  chrome.exe  2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   process     events
  2408  chrome.exe  2

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  token                      pid   process     events
  SeShutdownPrivilege        2408  chrome.exe  32
  SeCreatePagefilePrivilege  2408  chrome.exe  32
  The two tokens alternate throughout the list (Shutdown, CreatePagefile, Shutdown, ...).

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   process     events
  2408  chrome.exe  26

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     events
  2408  chrome.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  writer pid  target pid  writer image  procid_target  target role (from Processes below)
  2408        4844        chrome.exe    81             crashpad-handler
  2408        3344        chrome.exe    82             gpu-process
  2408        952         chrome.exe    83             utility: network.mojom.NetworkService
  2408        2748        chrome.exe    84             utility: storage.mojom.StorageService
  64 events in total: 2 to 4844, 2 to 952, and the remaining 60 split between 3344 and 2748. All four targets are child processes that PID 2408 launched itself; no write into a process outside Chrome's own tree is recorded.
Processes

The root chrome.exe was started by the analysis harness with --disable-background-networking, --disable-component-update and --simulate-outdated-no-au (these keep Chrome from contacting update and component servers during the run); the only argument supplied by the submission is the target URL after --single-argument. Each child below is a standard Chrome helper process; the tree depth is as shown in the report.

PID 2408  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://t.yesware.com/t/ccdc4f3720506a3b25fe8c87fb747b9d71679011/212e03f5d72fcb19709fe8ce12a93a93/spacer.gif
  signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 4844  crashpad-handler
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceba1ab58,0x7ffceba1ab68,0x7ffceba1ab78

  PID 3344  gpu-process
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1924,i,15081203897394001858,17397712446784537739,131072 /prefetch:2

  PID 952   utility: network.mojom.NetworkService
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1764 --field-trial-handle=1924,i,15081203897394001858,17397712446784537739,131072 /prefetch:8

  PID 2748  utility: storage.mojom.StorageService
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1924,i,15081203897394001858,17397712446784537739,131072 /prefetch:8

  PID 2140  renderer (first renderer process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1924,i,15081203897394001858,17397712446784537739,131072 /prefetch:1

  PID 2964  renderer
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1924,i,15081203897394001858,17397712446784537739,131072 /prefetch:1

  PID 4012  utility: chrome.mojom.ProcessorMetrics
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1924,i,15081203897394001858,17397712446784537739,131072 /prefetch:8

  PID 2316  utility: chrome.mojom.UtilWin
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1924,i,15081203897394001858,17397712446784537739,131072 /prefetch:8

  PID 4504  utility: chrome.mojom.UtilWin
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1924,i,15081203897394001858,17397712446784537739,131072 /prefetch:8

  PID 4644  utility: chrome.mojom.UtilWin
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1924,i,15081203897394001858,17397712446784537739,131072 /prefetch:8

  PID 4612  utility: chrome.mojom.UtilWin
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1924,i,15081203897394001858,17397712446784537739,131072 /prefetch:8

  PID 2328  gpu-process (relaunched with --disable-gpu-sandbox --use-gl=disabled after the first GPU process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1924,i,15081203897394001858,17397712446784537739,131072 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses

PID 1056  C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe  (Chrome's own elevation service, same build 110.0.5481.104; runs at the top level, not as a child of 2408)
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
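The check a triager actually wants from the WriteProcessMemory signature is whether every target sits in the writer's own process tree, which is how Chrome bootstraps its helpers, or whether any write went somewhere else, which is the shape of cross-process injection. The Python below is an added example, not part of the tria.ge report or its tooling: it parses rows in the exact flattened form the report renders them and audits them against the process tree transcribed from the Processes section. The IoC excerpt is constructed for the example (a shortened run of this report's own rows plus one made-up row targeting PID 1234, which appears nowhere in the tree) so that the foreign-target branch is exercised.

```python
"""Audit sandbox WriteProcessMemory IoCs against the reported process tree (added example)."""
import re
from collections import Counter

# Process tree transcribed from the report's Processes section: PID -> (parent PID, role).
# Parent links follow the tree depth shown on the page; roles come from the --type /
# --utility-sub-type flags on each command line.
PROCESS_TREE = {
    2408: (None, "chrome.exe browser"),
    4844: (2408, "crashpad-handler"),
    3344: (2408, "gpu-process"),
    952:  (2408, "utility network.mojom.NetworkService"),
    2748: (2408, "utility storage.mojom.StorageService"),
    2140: (2408, "renderer (first)"),
    2964: (2408, "renderer"),
    4012: (2408, "utility chrome.mojom.ProcessorMetrics"),
    2316: (2408, "utility chrome.mojom.UtilWin"),
    4504: (2408, "utility chrome.mojom.UtilWin"),
    4644: (2408, "utility chrome.mojom.UtilWin"),
    4612: (2408, "utility chrome.mojom.UtilWin"),
    2328: (2408, "gpu-process (--disable-gpu-sandbox)"),
    1056: (None, "elevation_service.exe"),
}

# One IoC row, flattened the way the report renders it:
#   "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# Constructed excerpt: a shortened run of the report's own rows plus one made-up row
# (target 1234, not in the tree) so the foreign-target path is exercised.
SAMPLE_ROWS = (
    "PID 2408 wrote to memory of 4844 2408 chrome.exe 81 " * 2
    + "PID 2408 wrote to memory of 3344 2408 chrome.exe 82 " * 3
    + "PID 2408 wrote to memory of 952 2408 chrome.exe 83 "
    + "PID 2408 wrote to memory of 2748 2408 chrome.exe 84 " * 2
    + "PID 2408 wrote to memory of 1234 2408 chrome.exe 99"  # constructed, not on the page
)


def parse_rows(flat_text):
    """Return (writer_pid, target_pid, writer_image) for every row in the flattened text."""
    return [(int(w), int(t), img) for w, t, _w2, img, _tid in ROW.findall(flat_text)]


def audit(rows, tree):
    """Split writes into the writer's own children vs. everything else.

    A parent writing into a child it just spawned is how Chrome sets up its helper
    processes. A target outside the writer's own subtree (or missing from the process
    list entirely) is the shape of injection into a foreign process and deserves a look.
    """
    own = Counter()
    foreign = []
    for writer, target, image in rows:
        parent, role = tree.get(target, (None, "not in process list"))
        if parent == writer:
            own[(target, role)] += 1
        else:
            foreign.append((writer, target, image, role))
    return own, foreign


def report(flat_text, tree=PROCESS_TREE):
    """Summary lines: one per own-child target, then one flagged line per foreign write."""
    own, foreign = audit(parse_rows(flat_text), tree)
    lines = [f"{n:3d} writes -> PID {pid} ({role})" for (pid, role), n in sorted(own.items())]
    for writer, target, image, role in foreign:
        lines.append(f"!!! PID {writer} ({image}) wrote to PID {target}: {role}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_ROWS)))
```

On this report's real 64 rows the foreign list comes back empty: every target is one of 4844, 3344, 952 or 2748, all children of 2408. The made-up row shows what a real finding would look like in the same output.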
Network
MITRE ATT&CK Enterprise v15
Downloads
Ten files written during the run are listed by size and digest only; the report gives no filenames.

Filesize 927B
  MD5     b506be19ba5ea356c6fcef6eb4d083ab
  SHA1    6266377af4d161dc60698139f0d6569df13d3fc9
  SHA256  1f9c2028da3e9d43fd4aec6502bc78c469b161d475404907591fa9580a787608
  SHA512  32b6eee08c81ce86f8f3ec8dda93491c3d2f1eeda34f1c74fbb81ebd652a7ff833dcd6143fd2d39b530e2e4fd5ab5f2c819c8031365b4ec5487ffccdf5de5ade

Filesize 2B (these are the digests of the two-byte string "[]", an empty JSON array)
  MD5     d751713988987e9331980363e24189ce
  SHA1    97d170e1550eee4afc0af065b78cda302a97674c
  SHA256  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize 521B
  MD5     43d3b8c89bdf636a964c87462d38b934
  SHA1    44985579c8c55549d1cef2127788fd09169a51b4
  SHA256  e1044e1e4503db37397f1a3c93b50ee70a2b630d9f5c4a852fa6fb9c1fe1dbe0
  SHA512  9dff166538bb7847c1d552647799c4c26102b3d5deb6a453ecdca62f31183289572b8e5b1c127c7fe5c861a5d126f5f96c64db279582354c053f682841a7ff80

Filesize 7KB
  MD5     802cbdd127fed82da4ff192bcbaffd54
  SHA1    3aa123ee4b8c5b02709e95d73c5e505753d9ced0
  SHA256  e9cb3deabb3789051673730bd3cc6e6501a6b45be8ad588743c0a862952ac522
  SHA512  84408e5c8806e1e4689f7c6ba196d4691da6ba26f6682db99040cad54489ff982454db0bf2c475599b2767b7d114e2807563f413ef43154b7df6811e770fd73b

Filesize 131KB
  MD5     358f7b1bc37a1e731ee160f4beeaac67
  SHA1    776713982f9762ffc5295f8d305df67d20b45b07
  SHA256  b2a295a3909291079bd8039c8b9b31923f8f06e494821ab88acdfd817fe9c2b8
  SHA512  ca87f4bef89c5007c848a87d49a3a1ef961f78000d5e5e5cd22d8f96eadf9691b90622e42148aef31ac2118b70ae223c72f4bb866136a9c96db986fe96cbce7e

Filesize 131KB
  MD5     2dcb6573d033b276151a62f2556c000f
  SHA1    cb039b6bdc3129c76191de319bc1e42877404464
  SHA256  f988b9099ef4cd8ef6c309809df0833a4c0acf917dea9e15ecef7f2f2224ae4f
  SHA512  8a04d8f73c700bd35b1b4b03fb0e0a06a3d09897364c16e72f70521c34783c922cf44032cebd225bb1288a55a480e08826ba2c64d60382a5d9c5c8ba486ff1ab

Filesize 132KB
  MD5     07dfb2ee19a2a16ad3ccc294a6feaf5a
  SHA1    970a5ea1b4faf42b46e31ef4c6fef27b35fa58be
  SHA256  3c9fa7a31c8561aafaee7d7ffde6fbf2ce93a5cb56893ceb405c0cf28a8899e3
  SHA512  3d8d4fad2830ee13e128ee653c98cc623c64903c3c5479b854e1ca6caa4adf58b2b1d91c5af5af43e1901220fd1216f4d2b1de85925bed88077972b10a3214b3

Filesize 152KB
  MD5     ba03435aa6d9816f0adfa53c611287b8
  SHA1    6d76b89c65a188e559cd3fe8fdae048a2c2fca97
  SHA256  e5ea2f1b4b65eb2005ea4fa15c82e3d18cf5a175c35884c6da9e6887f151f727
  SHA512  b824445596f6170271d549563648e68e3e2d845ca4974c16140498cd33d0fd3b0129c39ca39370fe87977928db944d81861c5671209a10fd601b1d315bb98230

Filesize 91KB
  MD5     6d95297419d3f714b772fc985d875a16
  SHA1    95544a7cef3ba72f364e86ddbd2f54023c6fe389
  SHA256  def85303b95214b0ac2327d8a1295b9db5c8825984f9d0bf2d61ccf4a0fa1908
  SHA512  6045d86255786380f10aaffb2df6abc659e5fe396954590001e830aab14860b87e1d228104de306d308807d729592aafbeba5e5012d1eb1dad504d38c799e1e2

Filesize 88KB
  MD5     51e679aa8931c9bba508b9e911191e10
  SHA1    379edd5d4972769d0075bf1fc4caefe8bf37d9f1
  SHA256  ef8418bed08b02433c3d8d9aad81b8caeba1fd015049460e697e58b293b44b8f
  SHA512  f4111a1a577dea57279f5c11ddbe81070745231eed81890323aed3388ce9511a6b25df8d1317da3b0830c76819a6cb62ec2ee9e99ed0f933a1af82d5b50126f0