Analysis
- max time kernel: 300s
- max time network: 279s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/07/2024, 22:00
Tasks
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
Sample
- https://infograph.venngage.com/pl/l0n8GaUJKQo
Resource
- win10v2004-20240508-en
General
- Target: https://infograph.venngage.com/pl/l0n8GaUJKQo
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Modifies data under HKEY_USERS (2 IoCs)
  - Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645176414017301" (chrome.exe)
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  - PID 2204 chrome.exe (2 IoCs)
  - PID 3232 chrome.exe (2 IoCs)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  - PID 2204 chrome.exe (2 IoCs)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  - PID 2204 chrome.exe: Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, requested alternately (32 of each)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  - PID 2204 chrome.exe (26 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 2204 chrome.exe (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 2204 chrome.exe wrote to memory of PID 1792 (procid_target 80): 2 IoCs
  - PID 2204 chrome.exe wrote to memory of PID 4032 (procid_target 81): repeated writes
  - PID 2204 chrome.exe wrote to memory of PID 2680 (procid_target 82): 2 IoCs
  - PID 2204 chrome.exe wrote to memory of PID 3280 (procid_target 83): repeated writes
  - Note: every source is the browser process (PID 2204) and every target is one of its own chrome.exe child processes listed under Processes; no write into a process outside the Chrome tree is recorded.
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2204)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://infograph.venngage.com/pl/l0n8GaUJKQo
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1792, child of 2204, --type=crashpad-handler)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb263eab58,0x7ffb263eab68,0x7ffb263eab78
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4032, child of 2204, --type=gpu-process)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1888,i,1034258225423770340,17632877494341024582,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2680, child of 2204, --type=utility, network.mojom.NetworkService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1888,i,1034258225423770340,17632877494341024582,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3280, child of 2204, --type=utility, storage.mojom.StorageService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1888,i,1034258225423770340,17632877494341024582,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2572, child of 2204, --type=renderer, first renderer)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1888,i,1034258225423770340,17632877494341024582,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 896, child of 2204, --type=renderer)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1888,i,1034258225423770340,17632877494341024582,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4776, child of 2204, --type=utility, chrome.mojom.ProcessorMetrics)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 --field-trial-handle=1888,i,1034258225423770340,17632877494341024582,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1400, child of 2204, --type=utility, chrome.mojom.UtilWin)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4172 --field-trial-handle=1888,i,1034258225423770340,17632877494341024582,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3232, child of 2204, --type=gpu-process with --disable-gpu-sandbox --use-gl=disabled)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1888,i,1034258225423770340,17632877494341024582,131072 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 3720)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
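The WriteProcessMemory signature and the process tree above are worth cross-checking rather than reading separately: every recorded write goes from the browser process (PID 2204) into a chrome.exe it launched, which is how Chrome sets up its sandboxed children, so on its own the signature says nothing about the submitted URL. The Python below is an added example, not part of the tria.ge report and not Hatching's tooling. It parses rows in the report's flattened "PID A wrote to memory of B ..." format against a process table transcribed from the tree above (each depth-2 entry taken as a child of PID 2204) and returns for review any write whose target is not a direct child with the same image name. The `evil.exe` process (PID 5555) and the last row are constructed so the check has something to flag.

```python
"""Triage helper: tell Chrome's normal parent->child WriteProcessMemory apart
from cross-process writes that deserve a closer look.

Added example: not part of the tria.ge report and not Hatching's code. The
first four WPM_ROWS copy (de-duplicated) rows from the report's "Suspicious
use of WriteProcessMemory" signature, and PROCESSES is transcribed from the
report's process tree, taking each depth-2 entry as a child of PID 2204.
PID 5555 / evil.exe and the last row are constructed to show a hit.
"""
import re
from collections import Counter

# (pid, parent pid, image) from the report's process tree; depth-1 entries
# have no recorded parent. The evil.exe entry is constructed.
PROCESSES = [
    (2204, None, "chrome.exe"),
    (1792, 2204, "chrome.exe"),   # --type=crashpad-handler
    (4032, 2204, "chrome.exe"),   # --type=gpu-process
    (2680, 2204, "chrome.exe"),   # network.mojom.NetworkService
    (3280, 2204, "chrome.exe"),   # storage.mojom.StorageService
    (2572, 2204, "chrome.exe"),   # --type=renderer
    (896,  2204, "chrome.exe"),   # --type=renderer
    (4776, 2204, "chrome.exe"),   # chrome.mojom.ProcessorMetrics
    (1400, 2204, "chrome.exe"),   # chrome.mojom.UtilWin
    (3232, 2204, "chrome.exe"),   # --type=gpu-process (GPU sandbox disabled)
    (3720, None, "elevation_service.exe"),
    (5555, None, "evil.exe"),     # constructed, not in the report
]

# Rows in the report's flattened column order: description, pid, Process,
# procid_target. The last row is constructed.
WPM_ROWS = """\
PID 2204 wrote to memory of 1792 2204 chrome.exe 80
PID 2204 wrote to memory of 4032 2204 chrome.exe 81
PID 2204 wrote to memory of 2680 2204 chrome.exe 82
PID 2204 wrote to memory of 3280 2204 chrome.exe 83
PID 5555 wrote to memory of 2204 5555 evil.exe 1
"""

# The pid column must echo the pid named in the description ((?P=src)).
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) (?P<image>\S+) (?P<target_idx>\d+)$"
)


def parse_rows(text: str):
    """Return [(source pid, target pid, source image)] from report-style rows."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append((int(m["src"]), int(m["dst"]), m["image"]))
    return rows


def classify_writes(rows, processes):
    """Split writes into expected parent->child launches and everything else.

    Chrome's browser process writes into each sandboxed child it launches, so a
    write from a chrome.exe into its own direct chrome.exe child is the normal
    pattern. Any other source/target pairing is returned for review.
    """
    by_pid = {pid: (ppid, image) for pid, ppid, image in processes}
    expected = Counter()
    unexpected = []
    for src, dst, src_image in rows:
        dst_ppid, dst_image = by_pid.get(dst, (None, "<unknown>"))
        if dst_ppid == src and dst_image == src_image:
            expected[(src, dst)] += 1
        else:
            unexpected.append((src, src_image, dst, dst_image))
    return {"expected": expected, "unexpected": unexpected}


if __name__ == "__main__":
    result = classify_writes(parse_rows(WPM_ROWS), PROCESSES)
    for (src, dst), n in sorted(result["expected"].items()):
        print(f"ok      {src} -> {dst} ({n} row(s); direct child, same image)")
    for src, si, dst, di in result["unexpected"]:
        print(f"REVIEW  {src} ({si}) -> {dst} ({di})")
```

Run against the report's own rows only, the "unexpected" list is empty; the constructed evil.exe row is the only one returned for review. The same-image test is deliberately strict: a chrome.exe writing into a child that is not chrome.exe (or a non-Chrome parent writing into chrome.exe) is exactly the case a sandbox signature named "Suspicious use of WriteProcessMemory" should surface.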
Network
MITRE ATT&CK Enterprise v15
Downloads
- 264B
  MD5: 7cb1eea41c8142b4083132cda7a28eb6
  SHA1: dc3b1a2f650dcefe79a9acd9e104cf7b5a486e15
  SHA256: 0e7a4f5b91e8717bbcf544512ad702b06e7382ed88dfbd1ee8b49e2daf848f21
  SHA512: 4c8388a50378a36e6b17c0f13e527f9bfb62b087fecfe5051ceb1495a63db71b9e54943f7a4a5ab169d7b68ee18e69cd51c22846bc006ec6129d3fc809dc8ec1
- 2KB
  MD5: c6a84bc1071517be1165c9e98ce5cbc3
  SHA1: 74aa92394c24bdb564759f31e9a1a73cc91a56b0
  SHA256: 40dded5d9b90f8b18709edf613ce61a34a74e30dee1a945aed029bc622ee7609
  SHA512: 726dbbab6e4810aaf47212caea64004d35d731ad7d65a27207780ce52b41f490771d542bc8878bb80b927d655d35cda5e3828774f9eb7784971a421a735ef30e
- 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- 858B
  MD5: e4296534624bc4be87f26c5551320e98
  SHA1: 0121405c8fc0c9d2d9600621e81cc7a03d5dcd7b
  SHA256: 621c42e4f1a63417af94dce182083807d0eb28f57d0d62ce7c2444ea6e24856f
  SHA512: 8bc7902ee7391f58c86a62019bcdbbc72643496f65e3b5b2fe3735d8b65ff5b5f0083ba0ede6c1a939c7399a703e13f0c74b5c84c1cbd7c72aa73b70a31b4ca4
- 7KB
  MD5: b5172a4deb6907bd9854207da4ee6921
  SHA1: d54cfbc3f00ca75a3bef93402e48b9eba847d40d
  SHA256: 2107aaf43e02d003aa154df6b1540db406a7cabf6faa6efe341c246663e68220
  SHA512: 33713dff7b58784ae9a0eeaddc2c79590c164d823cfda58ffefbe3c1837d5ca97895e50f6a0f58deebe3d42446d2ace1563c4848d76bddb02901651f9779d87a
- 129KB
  MD5: af580ac0a86e7f0ad129bcd0d6e419a9
  SHA1: 72ecf3bfa18fa50ebab41221500628eb58a5f094
  SHA256: 1a72cfe3b5a920a3474bbcd920f066bea60e846813eb499981977e06e7ee6e9c
  SHA512: 18341211ecfd17119c16edcfb30265a8005798cea2c2fff6049babdb17e446d902b17894e2b236ce86b1482fd2742c4cffe2cdfcd8453631ff8e839bdfd4cc8e
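Very small artifacts in a Downloads table can usually be identified from their digests without ever fetching them, because there are only a handful of things a web client writes out at that size. The Python below is an added example, not part of the tria.ge report and not Hatching's code. It copies the report's 2-byte entry, hashes a list of candidate literals (an assumption about what tiny web artifacts tend to be, not something the report states) and accepts a candidate only if every digest the report lists agrees, so a single mis-copied or colliding MD5 cannot produce a false match.

```python
"""Identify tiny dropped files in a sandbox report from their digests alone.

Added example: not part of the tria.ge report and not Hatching's code. The
REPORT_ENTRY values are copied from the 2-byte item in the Downloads section;
CANDIDATES is an assumed list of common tiny web-artifact contents.
"""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Copied from the report's Downloads section (the 2B entry).
REPORT_ENTRY = {
    "size": 2,
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d604"
              "0e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
}

# Assumed candidates: empty JSON/JS literals and other typical tiny responses.
CANDIDATES = [b"", b"[]", b"{}", b"0", b"1", b"OK", b"\r\n",
              b"[]\n", b"{}\n", b"null", b"true", b"false"]


def digests(data: bytes) -> dict:
    """Size plus lowercase hex digests for every algorithm the report lists."""
    out = {"size": len(data)}
    for algo in ALGOS:
        out[algo] = hashlib.new(algo, data).hexdigest()
    return out


def consistent(entry: dict, data: bytes) -> bool:
    """True only if data matches the entry on size and on every listed digest."""
    if entry.get("size") is not None and entry["size"] != len(data):
        return False  # cheap rejection before hashing anything
    d = digests(data)
    return all(d[algo] == entry[algo].lower() for algo in ALGOS if algo in entry)


def identify(entry: dict, candidates=CANDIDATES):
    """Return the candidate bytes that match the entry on all digests, else None."""
    for data in candidates:
        if consistent(entry, data):
            return data
    return None


if __name__ == "__main__":
    match = identify(REPORT_ENTRY)
    print("2-byte download is", repr(match) if match is not None else "not a known literal")
```

For the report's 2-byte entry the match is `b"[]"`, an empty JSON array, i.e. an empty API response rather than anything worth detonating. The same routine can be pointed at the other entries with a larger candidate list (known library files, favicons, tracking pixels); anything it cannot name is what is left to pull from the sandbox and inspect.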