Analysis
max time kernel: 149s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/06/2024, 13:31
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://munculsp-diamond.com/itau
Resource: win10v2004-20240611-en

General
Target: https://munculsp-diamond.com/itau
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                           Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                         chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639687155427747"   chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
5116  chrome.exe
5116  chrome.exe
3612  chrome.exe
3612  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process
5116  chrome.exe
5116  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        5116  chrome.exe
Token: SeCreatePagefilePrivilege  5116  chrome.exe
(the remaining 62 entries are verbatim repeats of these two rows)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
5116  chrome.exe
(all 26 entries are this same row)
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
5116  chrome.exe
(all 24 entries are this same row)
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 5116 wrote to memory of 3712 5116 chrome.exe 82 PID 5116 wrote to memory of 3712 5116 chrome.exe 82 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1540 5116 chrome.exe 83 PID 5116 wrote to memory of 1568 5116 chrome.exe 84 PID 5116 wrote to memory of 1568 5116 chrome.exe 84 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 
chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85 PID 5116 wrote to memory of 3172 5116 chrome.exe 85
Processes

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://munculsp-diamond.com/itau
  PID: 5116
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes of PID 5116:

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde805ab58,0x7ffde805ab68,0x7ffde805ab78
      PID: 3712

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1968,i,12090323354056112786,779615122874830665,131072 /prefetch:2
      PID: 1540

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1968,i,12090323354056112786,779615122874830665,131072 /prefetch:8
      PID: 1568

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1968,i,12090323354056112786,779615122874830665,131072 /prefetch:8
      PID: 3172

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1968,i,12090323354056112786,779615122874830665,131072 /prefetch:1
      PID: 2064

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1968,i,12090323354056112786,779615122874830665,131072 /prefetch:1
      PID: 1312

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1968,i,12090323354056112786,779615122874830665,131072 /prefetch:8
      PID: 3872

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1968,i,12090323354056112786,779615122874830665,131072 /prefetch:8
      PID: 756

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1968,i,12090323354056112786,779615122874830665,131072 /prefetch:2
      PID: 3612
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 2172
Network
MITRE ATT&CK Enterprise v15
Downloads