Analysis

max time kernel: 149s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/07/2024, 03:25

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.baidu.com/s?wd=%E7%89%9B%E7%BD%91&ie=UTF-8&tn=40020637_1_dg
Resource: win10v2004-20240704-en

General

Target: https://www.baidu.com/s?wd=%E7%89%9B%E7%BD%91&ie=UTF-8&tn=40020637_1_dg

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
3444 | chrome.exe (2 entries)
2916 | chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid | Process
3444 | chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 3444 | chrome.exe
Token: SeCreatePagefilePrivilege | 3444 | chrome.exe
(the two rows above alternate for all 64 entries; every entry is PID 3444 chrome.exe)

Suspicious use of FindShellTrayWindow (33 IoCs)
pid | Process
3444 | chrome.exe (all 33 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3444 | chrome.exe (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3444 wrote to memory of 2220 | 3444 | chrome.exe | 82 (2 entries)
PID 3444 wrote to memory of 640 | 3444 | chrome.exe | 84 (entry repeated)
PID 3444 wrote to memory of 1104 | 3444 | chrome.exe | 85 (2 entries)
PID 3444 wrote to memory of 4068 | 3444 | chrome.exe | 86 (entry repeated)
(64 entries in total; every write originates from PID 3444 chrome.exe and targets one of the four PIDs above)
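The signature tables above list raw events without saying which of them are expected for a browser. The Python below is an added example, not part of the tria.ge report or its detection engine. It parses rows in the flattened form shown on this page and applies two triage rules: a WriteProcessMemory event from a parent into its own direct child running the same image is treated as multi-process bootstrap (a browser writes launch data into every helper it spawns), anything else is a candidate injection; and reads under HARDWARE\DESCRIPTION\System\BIOS are treated as hardware fingerprinting, scored low for known browser images and higher for anything else. The row strings and the process tree are constructed from this report; the extra row targeting PID 4876 is hypothetical and is there only to exercise the cross-process branch.

```python
import re

# Constructed sample input: rows copied from the signature tables in this report.
# Flattened column order: description, pid, Process, procid_target.
WPM_ROWS = (
    "PID 3444 wrote to memory of 2220 3444 chrome.exe 82 "
    "PID 3444 wrote to memory of 640 3444 chrome.exe 84 "
    "PID 3444 wrote to memory of 1104 3444 chrome.exe 85 "
    "PID 3444 wrote to memory of 4068 3444 chrome.exe 86 "
    # Hypothetical row (NOT in the report) so the cross-process branch is exercised.
    "PID 3444 wrote to memory of 4876 3444 chrome.exe 99"
)
REG_ROWS = (
    "Key opened \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS chrome.exe "
    "Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName chrome.exe "
    "Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer chrome.exe"
)

# Process tree taken from the report's Processes section: pid -> (parent pid, image).
PROCESS_TREE = {
    3444: (None, "chrome.exe"),
    2220: (3444, "chrome.exe"),
    640: (3444, "chrome.exe"),
    1104: (3444, "chrome.exe"),
    4068: (3444, "chrome.exe"),
    4876: (None, "elevation_service.exe"),
}

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
REG_RE = re.compile(r"Key (opened|value queried) (\\REGISTRY\\\S+) (\S+)")

# BIOS description keys are a classic VM/sandbox fingerprint, but ordinary software
# (browsers, crash reporters) reads them too, so the image name drives severity.
FINGERPRINT_KEYS = ("\\HARDWARE\\DESCRIPTION\\System\\BIOS",)
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allow-list


def parse_wpm(text):
    """Return (source_pid, target_pid, source_image) per WriteProcessMemory row."""
    return [(int(s), int(t), img) for s, t, _pid, img, _tid in WPM_RE.findall(text)]


def parse_registry(text):
    """Return (action, key_path, image) per registry row."""
    return REG_RE.findall(text)


def classify_wpm(events, tree):
    """Split memory writes into child bootstrap vs. writes into unrelated processes."""
    verdicts = {"child_bootstrap": [], "cross_process": []}
    for src, dst, image in events:
        parent, dst_image = tree.get(dst, (None, None))
        if parent == src and dst_image == image:
            verdicts["child_bootstrap"].append((src, dst))
        else:
            verdicts["cross_process"].append((src, dst))
    return verdicts


def classify_registry(rows):
    """Flag hardware-fingerprint reads; keep severity at 'info' for known browsers."""
    findings = []
    for action, path, image in rows:
        if any(key in path for key in FINGERPRINT_KEYS):
            severity = "info" if image.lower() in BROWSER_IMAGES else "suspicious"
            findings.append((image, action, path, severity))
    return findings


def triage(wpm_text=WPM_ROWS, reg_text=REG_ROWS, tree=PROCESS_TREE):
    """Combine both rules into one result with a simple additive score."""
    wpm = classify_wpm(parse_wpm(wpm_text), tree)
    reg = classify_registry(parse_registry(reg_text))
    score = 3 * len(wpm["cross_process"]) + 2 * sum(1 for f in reg if f[3] == "suspicious")
    return {"wpm": wpm, "registry": reg, "score": score}


if __name__ == "__main__":
    import pprint
    pprint.pprint(triage())
```

With the report's own rows the four writes all land in direct chrome.exe children and the three BIOS reads come from a browser, so only the hypothetical write into PID 4876 contributes to the score; on a real report the parent/child map should come from the process tree rather than be typed in.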
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3444, top level)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.baidu.com/s?wd=%E7%89%9B%E7%BD%91&ie=UTF-8&tn=40020637_1_dg
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

Children of PID 3444:

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2220)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff903bdab58,0x7ff903bdab68,0x7ff903bdab78

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 640)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1912,i,15333259308187013014,624691206167784086,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1104)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1912,i,15333259308187013014,624691206167784086,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4068)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1912,i,15333259308187013014,624691206167784086,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2252)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1912,i,15333259308187013014,624691206167784086,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3024)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1912,i,15333259308187013014,624691206167784086,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5088)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 --field-trial-handle=1912,i,15333259308187013014,624691206167784086,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2916)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4468 --field-trial-handle=1912,i,15333259308187013014,624691206167784086,131072 /prefetch:2
- Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 4876, top level)
Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
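Several child command lines above carry sandbox-related switches: the network service (PID 1104) and the quarantine utility (PID 5088) run with --service-sandbox-type=none, and the second GPU process (PID 2916) was started with --disable-gpu-sandbox and --use-gl=disabled. Whether that matches a clean baseline depends on the Chrome build and the host; a VM without a usable GPU driver commonly produces exactly such a GPU relaunch. The Python below is an added example, not tooling from tria.ge or Chromium. It tokenizes Windows command lines constructed from this report's Processes section (the long --gpu-preferences blobs and most handle values trimmed) and reports, per process, its role and the sandbox its switches claim, so the unsandboxed helpers can be compared against a known-good run of the same Chrome version. The mapping from switches to sandbox state is an assumption written for this example.

```python
import re

# Constructed sample: command lines from this report, shortened for readability.
COMMAND_LINES = {
    3444: '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --disable-background-networking '
          '--disable-component-update --single-argument https://www.baidu.com/s?wd=%E7%89%9B%E7%BD%91',
    640:  '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=gpu-process '
          '--mojo-platform-channel-handle=1680 /prefetch:2',
    1104: '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=utility '
          '--utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:8',
    4068: '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=utility '
          '--utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service /prefetch:8',
    2252: '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=renderer '
          '--first-renderer-process --renderer-client-id=6 /prefetch:1',
    5088: '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=utility '
          '--utility-sub-type=quarantine.mojom.Quarantine --service-sandbox-type=none /prefetch:8',
    2916: '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=gpu-process '
          '--disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 /prefetch:2',
}

# A double-quoted run or a bare run of non-spaces; good enough for Chrome's argv.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def parse_cmdline(cmd):
    """Split a Windows command line into (image, {switch: value}, positional args)."""
    tokens = [t.strip('"') for t in TOKEN_RE.findall(cmd)]
    image, switches, positional = tokens[0], {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            switches[key] = value if value else True  # bare flag -> True
        else:
            positional.append(tok)  # e.g. the URL, /prefetch:N
    return image, switches, positional


def sandbox_state(switches):
    """Map Chrome child-process switches to the sandbox they claim (assumed rules)."""
    ptype = switches.get("type")
    if ptype is None:
        return "browser"          # top-level browser process, never sandboxed
    if "no-sandbox" in switches:
        return "unsandboxed"
    if ptype == "gpu-process":
        return "unsandboxed" if "disable-gpu-sandbox" in switches else "gpu"
    if ptype == "utility":
        kind = switches.get("service-sandbox-type", "utility")
        return "unsandboxed" if kind == "none" else kind
    if ptype == "renderer":
        return "renderer"
    return ptype


def audit(cmdlines=COMMAND_LINES):
    """Return {pid: (role, sandbox_state)} for every command line."""
    result = {}
    for pid, cmd in cmdlines.items():
        _, switches, _ = parse_cmdline(cmd)
        role = switches.get("utility-sub-type") or switches.get("type") or "browser"
        result[pid] = (role, sandbox_state(switches))
    return result


def unsandboxed(cmdlines=COMMAND_LINES):
    """PIDs whose switches say they run with no sandbox at all."""
    return sorted(pid for pid, (_, state) in audit(cmdlines).items() if state == "unsandboxed")


if __name__ == "__main__":
    for pid, (role, state) in sorted(audit().items()):
        print(f"{pid:>5}  {role:<35} {state}")
    print("unsandboxed:", unsandboxed())
```

Run the same audit over a clean launch of Chrome 110.0.5481.104 on the same VM image and diff the two unsandboxed lists; a helper that is unsandboxed only in the sample run is the finding, not the presence of the flag by itself.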
Network

MITRE ATT&CK Enterprise v15
Downloads

Filesize: 1KB
MD5: 56e79fb9cc7fa9179486a5e8481276b0
SHA1: 0485e11811bc61fee4646b65fb228f08e456134e
SHA256: 607412be47886daac58e455594122ceb0239916a7cf0bdc94a4161d0c82ab3ca
SHA512: daa3ad17552f16829244fe836295e8b430988b5575e94df4634071305b32a1ea374d9892c2b3aaf301aefb5d6840a71cbcd07693992fbe9f2d2e3f641b880c23

Filesize: 1KB
MD5: 0c372f913429d7ef1e6541271d5d1e0d
SHA1: 53bad6b4638b06869b3263393311b6724f68a6e8
SHA256: 392b9d7bda942c6828c6d80382440bec0222375f06eb9d34ca67b6b0f1666054
SHA512: dc4159eabfc33587b5afa660cf2314e44b7d1056bdaf9a40773c5929f8a8f3f6c9139cbccedd5211fd8f06d96c25e587f3d0a9d5c07f9d751edbf114ec3685b5

Filesize: 1KB
MD5: 012c8f58784786bf4958b4ab1a45b78b
SHA1: a064dd03464dfb62851029156e8d8cd41b11cb0f
SHA256: 88c32f0a2e8edf8ebb92c7fefb66aa1f5b29293ca0c0b66f4d09316224637e98
SHA512: 7f05d2132c72a05a4a1159702302ce2b92bdc21b6e0df521daaee245eeec4cfc17958487dd2d76716272aa71f8f7f43f753a2f48cbe938064480daabde28f1ac

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 524B
MD5: ca95003b7d19043278e7994410d86fb1
SHA1: 06af9a81a1e15a0eb3182f28b1f24e7a9a56b799
SHA256: 39847b1eb8e704fb8e9d3ec90a19b652675c5778586c8bb385f517a7db4c24de
SHA512: c1e7b9c6ed531a2963f52a7aea161ee0ec9e48ff2a702d1481d196de2dea65ce090eafa15fe5ca849913d3c8183d0ecef17ab46fda428f79ee1a5614582d4127

Filesize: 6KB
MD5: 7ed597a3c873c156e6bac0833adb7fac
SHA1: 5460b3c2fc1292be6f74dcacd1c40f5ae88228fc
SHA256: 05ab4102c9219f63e01187fa4b659f3763dbfc4fc91a4e528c5a4c96781fc45c
SHA512: 41a9401e42f30a5156b52b83be473ce54bb825e5cc6562a872e379e97f959b5c76700958d725de471385a6bc05da9a0da04aef02c0fe251350c3dc97d8f5ea10

Filesize: 6KB
MD5: 0c5e3e04a4c5961552e06ec0e9776110
SHA1: 24fd8bb45d1e99138c6ea734963650ae5922ca43
SHA256: ccf2a75dca0459e6be1db38ad677a8e512834394e5664d486474e381e9906a50
SHA512: 0944f09a78e0d8348712d8d06eed9919de25a5638419c5cd22409e149ed0bdbe9a827ea8f6c22545ecbfebbc039239f455919021aac26354b8527821753c8305

Filesize: 6KB
MD5: 2f73bafb676f461293f7d63b1d234f9b
SHA1: ef6e63a549b4eb59db6d31da471bdf7a0a8fdb1c
SHA256: 954b142f409682115bcd991ee18aa023d3a9fd9302127b06aba275f77134b636
SHA512: f65a69a0420281477cc5144da1b800bcc40b0eb7a07b5e70242a90ffd36d1e7b7e4ad5e9fb901c9bb92bc382b0b333017c4d5d56ff14dcc55ada484619a6e0cf

Filesize: 144KB
MD5: 497dc98bb878244837368a988aa16f03
SHA1: e60cceded27814cdb386c874bfde10bc807323f0
SHA256: 9c430817fed791698836495d32029f62a25127c960ea8b6c5ce632c73d4dfe04
SHA512: 67f83b0e1f73cbf8725ca1f4712148258541dbf3f7fa1ffc6b93085ae4d70b128cab7afe7ca437219f0e99b0c61d79fa2ed01b4037f4fc4cabbdff007f0fe734
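The Downloads list mixes whatever the page fetched with the small state files a browser writes on every run, and the report gives only sizes and digests. One quick way to separate the two is to hash a handful of known-trivial contents and match them against the reported size and digests; the 2-byte entry above, for instance, has exactly the MD5, SHA1 and SHA256 of the string "[]". The Python below is an added example, not the report's own tooling: the two manifest entries are copied from the list above, and the baseline of trivial contents is an assumption to be extended with your own clean-run data.

```python
import hashlib

# Constructed manifest: two entries copied from this report's Downloads section.
REPORTED = [
    {"size": 2,
     "md5": "d751713988987e9331980363e24189ce",
     "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"},
    {"size": 524,
     "md5": "ca95003b7d19043278e7994410d86fb1",
     "sha1": "06af9a81a1e15a0eb3182f28b1f24e7a9a56b799",
     "sha256": "39847b1eb8e704fb8e9d3ec90a19b652675c5778586c8bb385f517a7db4c24de"},
]

# Assumed baseline: contents a browser run leaves behind that carry no payload.
KNOWN_TRIVIAL = {
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
    "empty file": b"",
}


def fingerprint(data):
    """Size plus the digests the report publishes for each artifact."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_known(entry, known=KNOWN_TRIVIAL):
    """Return the baseline label whose digests all agree with the entry, or None.

    A size/SHA-256 hit whose MD5 or SHA1 differs is reported as an inconsistent
    manifest rather than a pass: the report's own numbers then disagree.
    """
    for label, content in known.items():
        fp = fingerprint(content)
        if fp["size"] != entry["size"] or fp["sha256"] != entry["sha256"]:
            continue
        if fp["md5"] != entry["md5"] or fp["sha1"] != entry["sha1"]:
            return "inconsistent manifest"
        return label
    return None


def classify_downloads(entries=REPORTED):
    """(size, verdict) per entry; anything not in the baseline needs a human look."""
    return [(e["size"], match_known(e) or "needs review") for e in entries]


if __name__ == "__main__":
    for size, verdict in classify_downloads():
        print(f"{size:>6} B  {verdict}")
```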