Analysis

- max time kernel: 149s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16/06/2024, 20:02
Tasks

- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1

Sample: https://nonlexical-dyspeptic-a94b43d4c772.herokuapp.com/b?y=49ii4eh26or3acph6kq64e9k68rjiphg60o32ohh6csm6cp25gh748hq49k78t3gect2ubr3c5m6arj4c5p2sobge0n6errfctm6abra75ajeqr998sk6rjk99t5kui66sh0====
Resource: win10v2004-20240611-en

General

Target: https://nonlexical-dyspeptic-a94b43d4c772.herokuapp.com/b?y=49ii4eh26or3acph6kq64e9k68rjiphg60o32ohh6csm6cp25gh748hq49k78t3gect2ubr3c5m6arj4c5p2sobge0n6errfctm6abra75ajeqr998sk6rjk99t5kui66sh0====
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

| description | ioc | Process |
|---|---|---|
| Key value queried | `\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName` | chrome.exe |
| Key value queried | `\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer` | chrome.exe |
| Key opened | `\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS` | chrome.exe |

Modifies data under HKEY_USERS (2 IoCs)

| description | ioc | Process |
|---|---|---|
| Key created | `\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry` | chrome.exe |
| Set value (int) | `\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630417920383529"` | chrome.exe |

Suspicious behavior: EnumeratesProcesses (4 IoCs)

| pid | Process |
|---|---|
| 2316 | chrome.exe |
| 2316 | chrome.exe |
| 2352 | chrome.exe |
| 2352 | chrome.exe |

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)

Three identical entries:

| pid | Process |
|---|---|
| 2316 | chrome.exe |

Suspicious use of AdjustPrivilegeToken (64 IoCs)

64 entries, alternating between the following two rows:

| description | pid | Process |
|---|---|---|
| Token: SeShutdownPrivilege | 2316 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 2316 | chrome.exe |

Suspicious use of FindShellTrayWindow (26 IoCs)

26 identical entries:

| pid | Process |
|---|---|
| 2316 | chrome.exe |

Suspicious use of SendNotifyMessage (24 IoCs)

24 identical entries:

| pid | Process |
|---|---|
| 2316 | chrome.exe |

Suspicious use of WriteProcessMemory (64 IoCs)

64 entries covering four distinct target processes: two entries each for targets 756 and 4248, with the remaining entries split between targets 3948 and 1648.

| description | pid | Process | procid_target |
|---|---|---|---|
| PID 2316 wrote to memory of 756 | 2316 | chrome.exe | 81 |
| PID 2316 wrote to memory of 3948 | 2316 | chrome.exe | 82 |
| PID 2316 wrote to memory of 4248 | 2316 | chrome.exe | 83 |
| PID 2316 wrote to memory of 1648 | 2316 | chrome.exe | 84 |
Processes

- chrome.exe (PID 2316), top-level process
  Path: `C:\Program Files\Google\Chrome\Application\chrome.exe`
  Command line: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nonlexical-dyspeptic-a94b43d4c772.herokuapp.com/b?y=49ii4eh26or3acph6kq64e9k68rjiphg60o32ohh6csm6cp25gh748hq49k78t3gect2ubr3c5m6arj4c5p2sobge0n6errfctm6abra75ajeqr998sk6rjk99t5kui66sh0====`
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes of PID 2316 (all `C:\Program Files\Google\Chrome\Application\chrome.exe`):
  - chrome.exe (PID 756), crashpad handler
    Command line: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93d6dab58,0x7ff93d6dab68,0x7ff93d6dab78`
  - chrome.exe (PID 3948), GPU process
    Command line: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1880,i,8690826262736328216,11414346048177867082,131072 /prefetch:2`
  - chrome.exe (PID 4248), network service
    Command line: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1880,i,8690826262736328216,11414346048177867082,131072 /prefetch:8`
  - chrome.exe (PID 1648), storage service
    Command line: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1880,i,8690826262736328216,11414346048177867082,131072 /prefetch:8`
  - chrome.exe (PID 4556), renderer
    Command line: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1880,i,8690826262736328216,11414346048177867082,131072 /prefetch:1`
  - chrome.exe (PID 1936), renderer
    Command line: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1880,i,8690826262736328216,11414346048177867082,131072 /prefetch:1`
  - chrome.exe (PID 784), renderer
    Command line: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4152 --field-trial-handle=1880,i,8690826262736328216,11414346048177867082,131072 /prefetch:1`
  - chrome.exe (PID 3752), processor metrics utility
    Command line: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1880,i,8690826262736328216,11414346048177867082,131072 /prefetch:8`
  - chrome.exe (PID 3112), UtilWin utility
    Command line: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1880,i,8690826262736328216,11414346048177867082,131072 /prefetch:8`
  - chrome.exe (PID 2352), GPU process (sandbox disabled)
    Command line: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1000 --field-trial-handle=1880,i,8690826262736328216,11414346048177867082,131072 /prefetch:2`
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- elevation_service.exe (PID 1212), top-level process
  Path: `C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe`
  Command line: `"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"`
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 203KB
  MD5: 99916ce0720ed460e59d3fbd24d55be2
  SHA1: d6bb9106eb65e3b84bfe03d872c931fb27f5a3db
  SHA256: 07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf
  SHA512: 8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8

- Filesize: 336B
  MD5: d3ed06f2c3755418d1a9210bdede46de
  SHA1: 75d32a4ff8212e95fd08d9921a2c91c41fa9dee1
  SHA256: f65b47c358d5f80c632523d89f144bd48af264b0fbf4e6a3c32cc43b51f98be4
  SHA512: 7d64262d543f7e3e60c4f11a6bd37a0afc5e079a4b49159e9408a2c3b9031c10de49b65ac818b25a8293817eae4b2ea7a3dbc0e7dd061322563dcc292b6568b7

- Filesize: 3KB
  MD5: 5025bacc2a882b670c96edcc805c7bc1
  SHA1: a18fb386b9e8d2bc25c1e03e1007944c067d14dc
  SHA256: 358cb36718145230b986940b1ceceb9773ebd2199ff7436438ff41a00bddd5ef
  SHA512: 5a005fec29edd3b0ada60432794ac1483f0722f958091eb61e95f7724ddaf5eabdcc51ef4b36ad9c15dc975c243bf3798897674d21bdfa25ce47ac842372c73e

- Filesize: 3KB
  MD5: 1a52f8fea7e73700b2ed96e829fb5faf
  SHA1: 7087942a60702a0873a9fcf2eb940dbc26c433c7
  SHA256: ad87fbb13b7fb951f849ee54aee5d85f2e2aaf0f153a7f6dba818c79625e3fc8
  SHA512: 90cdf5465c22142c2c7726864ee9d6420d0523fdcf1764073f964b594f3444dc095be93a88b74eddb836af002d43f26d00a80deac2f2682c26cf84a2eb5aff05

- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

- Filesize: 853B
  MD5: deba5281d8d47d85ca3b0343884edbf7
  SHA1: 1c49b26d13b3eaf44c4ed17873cd1b153ba1fc56
  SHA256: c7d92f37b0b591dd69efee74a31382b4cefbc50c6d793de12a20598eafdc0715
  SHA512: a26c9d5bf47574fda61677961799f5f0c6daa06ce53df58941b2cc3f9b8d4c07aafca07a36548f665f6e16e2105cb7cee4bc05b266c19f604c365f28d31681f0

- Filesize: 855B
  MD5: 2b8b2892409a9735cccc4e73239d8055
  SHA1: 16ed2f6a1ab0ee79846f7881d6ae751f0183eb71
  SHA256: dba02de6cb74975782a766baf6a56998dbcd0b3f944d426c41c455d942674568
  SHA512: 26afb5ca945fff699491ede33ae6e72244a2a2132c6554596f97f9b30c0928660e1c6e8dbc5d203cef67105737928c3ecf6904dc6b4201eaadeb5cd9672a467d

- Filesize: 855B
  MD5: 9bd2d2002a5902df040d74a33fd5a4ea
  SHA1: 2e0d4e6de04b927ba8fe37acc32fa3633257ffb9
  SHA256: 35a7c3bdafee62805d8a52a771586fdfb70bc90cfba7448fe41b6b566562d58f
  SHA512: b436dc8cd9188435df88db3471ca042d55db00b0386f3d1ca5bf5e00acea612ba4d51e3f41eb1e50987d912192097db702f4884df3b36125097962314936f1e2

- Filesize: 7KB
  MD5: 3c99969e59fadf90f048337002c6750d
  SHA1: cbe75d36b48d2f8eb6a1a990070edeb4ab464343
  SHA256: 773d8209a5782dd0eb0c26fb084bfffd807cd305f83d33b0e2d314c97bd2d56d
  SHA512: fcd357f3cad7c61f0930b2ba112cbb9516ede3d487455afe16c3ebc18c7651932bfa4da63564e904744df3785ad21bebd1a24b4f78940024961e9ec76aeec78f

- Filesize: 138KB
  MD5: 448ca1d71435065b67fa5ab4384dfe86
  SHA1: dabc75d3096ed2da7a31a132825c5c1387fe135b
  SHA256: 9aebfc5917f2920dbb6784bcea2105dba852f7cbf1fbc943cb82cc642cd34063
  SHA512: d6fd49352f5264e6232b62e32327c61081b50e20d663b4f5023f72883de46d01c4c0fd1343e708ef498db84d5a22de190be84b46643979d5c9be017831c145a2