Analysis
max time kernel: 149s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/06/2024, 08:04
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://url.uk.m.mimecastprotect.com/s/p-D5Cyp4rSoYlocMh3z3?domain=emdad.imfgo.org
Resource: win10v2004-20240611-en
General
Target: https://url.uk.m.mimecastprotect.com/s/p-D5Cyp4rSoYlocMh3z3?domain=emdad.imfgo.org
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636898796435952" | chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
3588 | chrome.exe
3588 | chrome.exe
1904 | chrome.exe
1904 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid | Process
3588 | chrome.exe
3588 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.uk.m.mimecastprotect.com/s/p-D5Cyp4rSoYlocMh3z3?domain=emdad.imfgo.org
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 3588

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96ea8ab58,0x7ff96ea8ab68,0x7ff96ea8ab78
      PID: 4308

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1908,i,2626449039414648260,17975964336781899698,131072 /prefetch:2
      PID: 4668

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1908,i,2626449039414648260,17975964336781899698,131072 /prefetch:8
      PID: 4992

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1908,i,2626449039414648260,17975964336781899698,131072 /prefetch:8
      PID: 3376

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1908,i,2626449039414648260,17975964336781899698,131072 /prefetch:1
      PID: 3308

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1908,i,2626449039414648260,17975964336781899698,131072 /prefetch:1
      PID: 2968

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1908,i,2626449039414648260,17975964336781899698,131072 /prefetch:8
      PID: 1144

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1908,i,2626449039414648260,17975964336781899698,131072 /prefetch:8
      PID: 892

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2420 --field-trial-handle=1908,i,2626449039414648260,17975964336781899698,131072 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
      PID: 1904

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 2652
Network
MITRE ATT&CK Enterprise v15
Downloads