Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis

max time kernel: 52s
max time network: 50s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/06/2024, 18:09

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://linkr.it/4iwyTE
Resource: win10v2004-20240611-en

General

Target: https://linkr.it/4iwyTE
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637262078770769" | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process | entries
3096 | chrome.exe | 2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process | entries
3096 | chrome.exe | 6

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process | entries
Token: SeShutdownPrivilege | 3096 | chrome.exe | 32
Token: SeCreatePagefilePrivilege | 3096 | chrome.exe | 32
(the two rows alternate throughout the 64 logged entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process | entries
3096 | chrome.exe | 26

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | entries
3096 | chrome.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | entries
PID 3096 wrote to memory of 1176 | 3096 | chrome.exe | 83 | 2
PID 3096 wrote to memory of 2360 | 3096 | chrome.exe | 84 | repeated
PID 3096 wrote to memory of 2228 | 3096 | chrome.exe | 85 | 2
PID 3096 wrote to memory of 768 | 3096 | chrome.exe | 86 | repeated
(64 entries in total)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://linkr.it/4iwyTE
PID: 3096
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffa408fab58,0x7ffa408fab68,0x7ffa408fab78
  PID: 1176

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1896,i,7291964931020929012,13114381727499851730,131072 /prefetch:2
  PID: 2360

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1896,i,7291964931020929012,13114381727499851730,131072 /prefetch:8
  PID: 2228

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1896,i,7291964931020929012,13114381727499851730,131072 /prefetch:8
  PID: 768

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1896,i,7291964931020929012,13114381727499851730,131072 /prefetch:1
  PID: 2268

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1896,i,7291964931020929012,13114381727499851730,131072 /prefetch:1
  PID: 1540

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=1896,i,7291964931020929012,13114381727499851730,131072 /prefetch:1
  PID: 3448

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3260 --field-trial-handle=1896,i,7291964931020929012,13114381727499851730,131072 /prefetch:8
  PID: 2224

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1896,i,7291964931020929012,13114381727499851730,131072 /prefetch:8
  PID: 220

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4216 --field-trial-handle=1896,i,7291964931020929012,13114381727499851730,131072 /prefetch:1
  PID: 2916

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2948 --field-trial-handle=1896,i,7291964931020929012,13114381727499851730,131072 /prefetch:1
  PID: 2052

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1896,i,7291964931020929012,13114381727499851730,131072 /prefetch:8
  PID: 3680

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5052 --field-trial-handle=1896,i,7291964931020929012,13114381727499851730,131072 /prefetch:8
  PID: 4852

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4644 --field-trial-handle=1896,i,7291964931020929012,13114381727499851730,131072 /prefetch:1
  PID: 2148

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
PID: 4620
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 356B
MD5: a3f583411bb1726e2138a77a2d65e360
SHA1: fd759068823e1426adca8b2b97d3930a44b7fd25
SHA256: 8d75319c1da19e3585f5a68e9ef31f1d227e5f971efe6704820bf375d6e70a9c
SHA512: acbcead4ec167100cc08220f448c4c2cd429e4cbe8c76dbcc93171ac422541c404b7daa26f71c89a0f0ffa60c9251ed4adb9f34609132e4176a21ec2e239f85b

Filesize: 356B
MD5: 8e74edae62a136e47e711520333dd5b8
SHA1: d271024f3c9f93784f1639a4ba7c2a5d8be8bfd2
SHA256: d45da629eb253a8267172cb12614472f88fd901e6eb5caa810c677c74223047e
SHA512: 895e3097f24a578a83bdeacc1fcd42ef7e72d8c16b212032dc0f2233ba3454b468e462f0ec7c1bebf681f6bfaec340444ff18b0611fe577151461b68e7c2e2b2

Filesize: 7KB
MD5: 4159e2339d64d24fb52a4d2db63aa85f
SHA1: f3a5133aef9baca5b9849feda06f0e9bee8ab65b
SHA256: 062cf4ad03d4e7289639fc3b9423f714a74478865531453a04d6e1ffe001d489
SHA512: d9d7d2667a6d177c5cdd873a15cfc2b67f874005fd0b700c57f802a7e09f2066a6a37cbe49256fa43698417b1792bd2b9b4c0f9a6f9898cb158aecad3fa5a3d4

Filesize: 7KB
MD5: 20d3b63a72be9e36cbf183df0aa64e6f
SHA1: b43dc9ccbb431df920d77ecd4dd7e503e199ec34
SHA256: 4902433b65f0374f4c871dd0eb4bec6020ceb3d343bb0c61b3c4ad959d326403
SHA512: 831ef876cf2c1cb92213c7008dc9ef87845a59fe78bd423b35f97a8f4c1f3f6577d490a3bb6d110a915a672eb0d77256202cc4ade4ebe6634b68547bd5151886

Filesize: 7KB
MD5: f42f6b8b2ac61366c35184efbc06f106
SHA1: d213b2db02a3b86ae06d52eedf7cf1bd638eb852
SHA256: 75fd3a718a3b82f58b2dffaf91b78cb080b12b02eeacf92e691beb3ec0861a33
SHA512: ea8adcb979ba0ca4c7cd4c5c15d5162efe2d37c1985f00693060589be91dcc39f60b8aaea13be64f4ae4e5b605f8021c901985b9e95df688a5381babbcdb0fb5

Filesize: 7KB
MD5: 5f611326756068066967cf16ffac42b6
SHA1: 8d74a5bdbb1895e3170f70d40049fdd3d5103509
SHA256: 2fa219c95f683739e94d55418fed19f58d0e93df5c6d01cfce2634dd7a93e1ba
SHA512: 220e3f8ab380bba247170ef53c49b86013d8b2ee146865a3bd32c780f2f92a5214477f643a3df2ae3b06b913b727c5af1960e22918ef1da0d1c6558f202cdc38

Filesize: 138KB
MD5: 4cca8ec08bf1502915dda892b9de193d
SHA1: 888fa0d203aae8b551bf023062577e497c7aff1e
SHA256: 497dc0a7f6e334b3c07c85a0cdb727637c76f988c4130b784c7a48307b518887
SHA512: f1c192b2939cd75d7609936652f8a147c2c56d38e55b1f9f392ff25865dff2ee13877973c95b3a260e21eb2be49db3d160188de20f82c82f474446ec6bf3d70d

Filesize: 138KB
MD5: d1f454d7393dad15ed08e069efafd024
SHA1: 58cd7975e87fc893b42c9ffb4579ebf14c167f52
SHA256: 17502537ff94fb82f1c96f44ae9b2d5070dbc5559763d96da17dba6820232582
SHA512: 4dfb3208b0f08d4520e086026740abb45cbca8efb352ffd32e51746496f0942f3a4b3f9f040e1eb4186f49235c4f15681038fd8716e57094661329b2f6aa5e9b