Resubmissions
01/07/2024, 15:02  240701-sev2na1fnq  8
01/07/2024, 14:43  240701-r3zjbaxbld  1
01/07/2024, 07:26  240701-h91khsyhlc  1

Analysis
max time kernel: 178s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/07/2024, 07:26
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://playboxgamemix.netlify.app
Resource: win10v2004-20240611-en

General
Target: http://playboxgamemix.netlify.app

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                              Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                            chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642924388820729"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  2312  chrome.exe  (2 entries)
  3476  chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid   Process
  2312  chrome.exe  (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   Process
  Token: SeShutdownPrivilege        2312  chrome.exe
  Token: SeCreatePagefilePrivilege  2312  chrome.exe
  (these two rows alternate across all 64 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  2312  chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2312  chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs; the four distinct rows below are repeated)
  description                        pid   Process     procid_target
  PID 2312 wrote to memory of 1608   2312  chrome.exe  84
  PID 2312 wrote to memory of 4220   2312  chrome.exe  86
  PID 2312 wrote to memory of 216    2312  chrome.exe  87
  PID 2312 wrote to memory of 4448   2312  chrome.exe  88
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://playboxgamemix.netlify.app
PID: 2312
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  Child processes of PID 2312:

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8574ab58,0x7ffe8574ab68,0x7ffe8574ab78
  PID: 1608

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1888,i,7631407674597849854,5165240576644170030,131072 /prefetch:2
  PID: 4220

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1888,i,7631407674597849854,5165240576644170030,131072 /prefetch:8
  PID: 216

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1888,i,7631407674597849854,5165240576644170030,131072 /prefetch:8
  PID: 4448

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1888,i,7631407674597849854,5165240576644170030,131072 /prefetch:1
  PID: 8

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1888,i,7631407674597849854,5165240576644170030,131072 /prefetch:1
  PID: 4136

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1888,i,7631407674597849854,5165240576644170030,131072 /prefetch:1
  PID: 2380

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1888,i,7631407674597849854,5165240576644170030,131072 /prefetch:8
  PID: 776

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1888,i,7631407674597849854,5165240576644170030,131072 /prefetch:8
  PID: 728

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2328 --field-trial-handle=1888,i,7631407674597849854,5165240576644170030,131072 /prefetch:2
  PID: 3476
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
PID: 3204
Network
MITRE ATT&CK Enterprise v15
Downloads