Analysis
- max time kernel: 299s
- max time network: 296s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/07/2024, 13:17

Tasks
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: https://in.xero.com/d0Kanq0pIRp0VfGg15a2aODt3gde7UW7hgThU1m6
  - Resource: win10v2004-20240704-en

General
- Target: https://in.xero.com/d0Kanq0pIRp0VfGg15a2aODt3gde7UW7hgThU1m6
Malware Config
- (none extracted)

Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133650046701867317" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | process
  1172 | chrome.exe (2 rows)
  764 | chrome.exe (2 rows)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | process
  1172 | chrome.exe (2 rows)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | process
  Token: SeShutdownPrivilege | 1172 | chrome.exe
  Token: SeCreatePagefilePrivilege | 1172 | chrome.exe
  (the two rows above alternate for all 64 entries, 32 of each, all from pid 1172 chrome.exe)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | process
  1172 | chrome.exe (26 identical rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | process
  1172 | chrome.exe (24 identical rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | process | procid_target
  PID 1172 wrote to memory of 3700 | 1172 | chrome.exe | 82 (repeated)
  PID 1172 wrote to memory of 1752 | 1172 | chrome.exe | 86 (repeated)
  PID 1172 wrote to memory of 4808 | 1172 | chrome.exe | 87 (repeated)
  PID 1172 wrote to memory of 3756 | 1172 | chrome.exe | 88 (repeated)
  (64 rows in total; each distinct target appears several times as the parent writes to the child during process start-up)
Processes
- chrome.exe (PID 1172)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://in.xero.com/d0Kanq0pIRp0VfGg15a2aODt3gde7UW7hgThU1m6
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - chrome.exe (PID 3700), child of 1172
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffe4de0ab58,0x7ffe4de0ab68,0x7ffe4de0ab78
  - chrome.exe (PID 1752), child of 1172
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1868,i,12990312121210610535,1874804064068132106,131072 /prefetch:2
  - chrome.exe (PID 4808), child of 1172
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1868,i,12990312121210610535,1874804064068132106,131072 /prefetch:8
  - chrome.exe (PID 3756), child of 1172
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1868,i,12990312121210610535,1874804064068132106,131072 /prefetch:8
  - chrome.exe (PID 3960), child of 1172
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1868,i,12990312121210610535,1874804064068132106,131072 /prefetch:1
  - chrome.exe (PID 5016), child of 1172
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1868,i,12990312121210610535,1874804064068132106,131072 /prefetch:1
  - chrome.exe (PID 4520), child of 1172
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1868,i,12990312121210610535,1874804064068132106,131072 /prefetch:8
  - chrome.exe (PID 212), child of 1172
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1868,i,12990312121210610535,1874804064068132106,131072 /prefetch:8
  - chrome.exe (PID 764), child of 1172
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1868,i,12990312121210610535,1874804064068132106,131072 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- elevation_service.exe (PID 5008)
  Image: C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 312B
  MD5: 74f6d82827cb5b6eb748bbc453b6463d
  SHA1: f5560be6bda94a4ef811a71599ac32259b715311
  SHA256: 670deb9025747bd51d527c56cbb28a74309f066ab5c05bba11ab0781b7941eed
  SHA512: 39c8575bef56de70c2767ae00080bcbf2c62444b6bbe52b335328be1f2b52796e0cf5a5368821a565d7770870e3fc033e5ccda9777d8256b51597cdfb93c69f5
- Filesize: 1KB
  MD5: 3fa5a131ab9735d20cc45834204210dc
  SHA1: fb43e05d53d026eb415a5e504f3c430e6fd51ac8
  SHA256: 1178c51b692efa4cdcaa8aee0a6824fdad8e5d2a370ec51e5d040cf153391cf9
  SHA512: f376d6eefe82ef81989c0380e4857a2e956bf689785c5ad9b214fd03cbc07894dcdbeb6a797aa1e220d217b4853d49dd52654950cf1e903aa05188b6b6d2443a
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 690B
  MD5: 90001ad1741221ce6246c5798825ff32
  SHA1: f1beaa3e5f18b0683fa9783846dd25b4a9289f46
  SHA256: 8a373220b9c1b7b7b6ff3c23d7bc9cb041dae03c0c55929c53ec8f62665e97b0
  SHA512: f7881f1c89317213b14d7e7c7abeaded53574778beefa2e7e6d14578e3b22aa62c7e35e713daef2b88c0b686e9fea49ccbe807918ee695d5305b297975aee932
- Filesize: 7KB
  MD5: 068ab1b60b0111e373736b87d4cff41f
  SHA1: fefe2e90672779cc4ea7eda65de64afbf5cdd2d4
  SHA256: ab4f085a73ee2323b454c63179fe550036a05b856bb242c16e41521ec9066856
  SHA512: e9e8eb068120c3736914142c216e856d80e80b95033b23e523839982d4a5f0a5678263fbe000b5b527489016af055076948c9ad1aacb970af860f05142f8f9fa
- Filesize: 7KB
  MD5: 97cc4b87f56df29333e5b66b1c25ac1f
  SHA1: 76b4f43e1fa25bd6568d15cac347cd5ac85c2dd8
  SHA256: b5d8aa790ae5fd928550f69935459aba28014633b3c0f214e12a740c18804d13
  SHA512: a4279edc9dd3daf73566fa570aed9c80c42b4f5113ac0c9be53a0db3d28059aa296f804984d84d568b37502cb27a180882d404c91969001081e272e06d580024
- Filesize: 144KB
  MD5: bc0ccdb70048ef313e4f6fe8770fb1f7
  SHA1: 707a14def7ea73f7c6066b32f8858908d7b58bb0
  SHA256: 2598e8ee23b35bcd56dbb6d1fa39ce34c0665ce37ba8c7948c64d4901e112449
  SHA512: f23f5cdc7c8e4e8aeae26fb593579a26bfab14562fe4b7f65f5ed9e4cb57ad446c726cdbfef365e454faad427447d4be46de3bce2644015070aef9da2eee48cb