Analysis

max time kernel:   46s
max time network:  47s
platform:          windows10-2004_x64
resource:          win10v2004-20240508-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted:         11/06/2024, 14:00

Static task:       static1
URLScan task:      urlscan1
Behavioral task:   behavioral1
Sample:            https://wd3.myworkday.com/mediamonks/d/task/2998$2725.htmld
Resource:          win10v2004-20240508-en

General

Target: https://wd3.myworkday.com/mediamonks/d/task/2998$2725.htmld

Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                   Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625880348440310"  chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  3148  chrome.exe   (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  3148  chrome.exe   (6 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   Process
  Token: SeShutdownPrivilege        3148  chrome.exe
  Token: SeCreatePagefilePrivilege  3148  chrome.exe
  (the two rows alternate for 64 entries in total, all from PID 3148)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  3148  chrome.exe   (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3148  chrome.exe   (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 3148 wrote to memory of 1872  3148  chrome.exe  82
  PID 3148 wrote to memory of 1684  3148  chrome.exe  85
  PID 3148 wrote to memory of 552   3148  chrome.exe  86
  PID 3148 wrote to memory of 2196  3148  chrome.exe  87
  (64 entries in total, in the order shown: the 1872 and 552 rows appear twice each, the 1684 and 2196 rows account for the remaining 60)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3148)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://wd3.myworkday.com/mediamonks/d/task/2998$2725.htmld
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1872)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3ad4ab58,0x7ffa3ad4ab68,0x7ffa3ad4ab78

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1684)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1908,i,4016085761387197817,8596789650419601622,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 552)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1908,i,4016085761387197817,8596789650419601622,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2196)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1908,i,4016085761387197817,8596789650419601622,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3004)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1908,i,4016085761387197817,8596789650419601622,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3152)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1908,i,4016085761387197817,8596789650419601622,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4776)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 --field-trial-handle=1908,i,4016085761387197817,8596789650419601622,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3088)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1908,i,4016085761387197817,8596789650419601622,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1792)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4676 --field-trial-handle=1908,i,4016085761387197817,8596789650419601622,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1036)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4812 --field-trial-handle=1908,i,4016085761387197817,8596789650419601622,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4988)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3220 --field-trial-handle=1908,i,4016085761387197817,8596789650419601622,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4760)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1908,i,4016085761387197817,8596789650419601622,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1168)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3308 --field-trial-handle=1908,i,4016085761387197817,8596789650419601622,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1492)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 --field-trial-handle=1908,i,4016085761387197817,8596789650419601622,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4724)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3916 --field-trial-handle=1908,i,4016085761387197817,8596789650419601622,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe  (PID 2980)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 2B
  MD5:    d751713988987e9331980363e24189ce
  SHA1:   97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 7KB
  MD5:    cc5f0b03039bcefceadf6ac770c6e06e
  SHA1:   9aed7f6561d6b84854b728cd58ed59a928d6729a
  SHA256: 31ba5434f47c980010e2af0e83e976dbafdba20bffd88a9dd48474efabd80bf7
  SHA512: 5d38ce4d4e0c47bf21cdc144bd495b5686859d8e27480f987629cc6ed675ace4cb1b8c11357c3ddbfd57d54d941b77c17dfcd8399811c6f96fbf4e61dea8447d

Filesize: 7KB
  MD5:    50d96699a9d4214d4146e300b357505a
  SHA1:   7b5a2f886919a3e447cdc5766cc0474abd86ef04
  SHA256: f5539a1bcb4eae9eb3c078e171518201606579d1b4d9d48dd27ad2f0d90898b2
  SHA512: c2eeaed6f7b04c481535e81c91cfc440d8c5fdb7c72c525fca50614804945d123fde6ed8360cb185a178039fa820284c220959dc8a84cc9942c9f93c4d99c298

Filesize: 257KB
  MD5:    e65fd1b604f1900840e73b787909e29d
  SHA1:   3a5cfc45e602060e553d6b2844e66b84cbfa18a4
  SHA256: 3a1341954f8a1749ebc5b60d6aaaeff127be64977067eaa5b57ff8e00ebf684d
  SHA512: 9b0fb90de11b33d888351cee5eca290112d6baad0dc8feca7d1143352fdf13fa9649b12a49167ed2d41601201729a9004b18ec06993a64ac76bba6a2c4b7ed24

Filesize: 257KB
  MD5:    98513f69444ef6d2211edfae463e3ac0
  SHA1:   bbf4b1be9fde1125003fb1d3838486eebb69ea72
  SHA256: 564ba6e39f8fecb60153191a5a4c659eb97ad9b65b4987f1e38d9add4dbcb9fe
  SHA512: 7e918a4a7b2354185d17eea779952aae311b23092f7eb0af87511e1b4d47873a12b3aad37103f1f045e83af2b1ebd74ffec8eb88ebf170582165317f33860f8b

Filesize: 91KB
  MD5:    1d8f4920866fb726d8780bf4591e6e02
  SHA1:   67a6ff7bc3e9a4b89d040a569031c9e23369ad31
  SHA256: cec753bd6c0351f11b655a3e1cef56daf1a34f079f66a192966fd6c3e3957219
  SHA512: 06006e19729bc994f65d1516ea86a27503a60904c28edc8165cf807ce41881f797c1b5d7ce97012f1c70f52022158c83d14cb831a7413d3b19b78cf1ef451c08

Filesize: 88KB
  MD5:    fda086e9f9a2603244f010289fe985f1
  SHA1:   71706995b6daf3753f1789c47912c28386ccaf28
  SHA256: 0c4dc0abf721f7074d5a1cad61f68ac27f44fb06d0c70e440250852c6894f69c
  SHA512: 19a05511cfb15051b394b8e2de5f3ccd14a5c0ac659c9f1f0e96b3874640fea0d1f86d1603ab67056885a05b7594da480c9ecc998602324e35fa7072459b479d