Analysis
- max time kernel: 149s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/07/2024, 15:24
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: https://aka.ms/privacy
  - Resource: win10v2004-20240704-en
General
- Target: https://aka.ms/privacy
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs; S-1-5-19 is the LOCAL SERVICE account hive)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133650123014121018" (chrome.exe)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 5056 chrome.exe (2 entries)
- PID 1000 chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
- PID 5056 chrome.exe (3 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs; the rows alternate between the two privileges, all from PID 5056 chrome.exe)
- Token: SeShutdownPrivilege, PID 5056 chrome.exe (32 entries)
- Token: SeCreatePagefilePrivilege, PID 5056 chrome.exe (32 entries)
Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 5056 chrome.exe (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
- PID 5056 chrome.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs; the writer is PID 5056 chrome.exe in every row)
- wrote to memory of PID 2840 (procid_target 82): 2 entries
- wrote to memory of PID 3032 (procid_target 85): many repeated entries
- wrote to memory of PID 1212 (procid_target 86): 2 entries
- wrote to memory of PID 4028 (procid_target 87): many repeated entries
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5056)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aka.ms/privacy
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Children of PID 5056:
  - chrome.exe (PID 2840)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc092ab58,0x7ffcc092ab68,0x7ffcc092ab78
  - chrome.exe (PID 3032)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1868,i,15305886683910687508,7466285539269977160,131072 /prefetch:2
  - chrome.exe (PID 1212)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1868,i,15305886683910687508,7466285539269977160,131072 /prefetch:8
  - chrome.exe (PID 4028)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1868,i,15305886683910687508,7466285539269977160,131072 /prefetch:8
  - chrome.exe (PID 4508)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1868,i,15305886683910687508,7466285539269977160,131072 /prefetch:1
  - chrome.exe (PID 348)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1868,i,15305886683910687508,7466285539269977160,131072 /prefetch:1
  - chrome.exe (PID 4660)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1868,i,15305886683910687508,7466285539269977160,131072 /prefetch:1
  - chrome.exe (PID 3832)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1868,i,15305886683910687508,7466285539269977160,131072 /prefetch:8
  - chrome.exe (PID 4896)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1868,i,15305886683910687508,7466285539269977160,131072 /prefetch:8
  - chrome.exe (PID 1000)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=992 --field-trial-handle=1868,i,15305886683910687508,7466285539269977160,131072 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 4524)
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
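The signature tables and the process tree above are enough to triage the WriteProcessMemory and AdjustPrivilegeToken hits mechanically: every flagged write comes from the browser process (PID 5056) into a process it launched with a Chromium `--type=` role, which is what parent-to-child process bootstrap looks like, whereas a write into a process the writer did not create is the injection pattern worth escalating. The following Python is an added example, not code from the tria.ge report or from Chromium. It embeds the report's process tree as (depth, PID, command-line excerpt) rows and one row per distinct target from the WriteProcessMemory table, parses the flattened row format tria.ge uses, rebuilds parent/child relationships from the tree depth, and labels each write. The verdict labels, the PID 6666 row and the PID 1000 writer in the usage lines are this example's own constructions.

```python
import re
from collections import Counter

# Process tree as listed in this report: (depth, pid, command-line excerpt).
# Depth is the tree level from the Processes section; a depth-2 row is a child
# of the nearest depth-1 row above it.
PROCESS_ROWS = [
    (1, 5056, "chrome.exe --single-argument https://aka.ms/privacy"),
    (2, 2840, "chrome.exe --type=crashpad-handler"),
    (2, 3032, "chrome.exe --type=gpu-process"),
    (2, 1212, "chrome.exe --type=utility --utility-sub-type=network.mojom.NetworkService"),
    (2, 4028, "chrome.exe --type=utility --utility-sub-type=storage.mojom.StorageService"),
    (2, 4508, "chrome.exe --type=renderer --first-renderer-process"),
    (2, 348, "chrome.exe --type=renderer"),
    (2, 4660, "chrome.exe --type=renderer"),
    (2, 3832, "chrome.exe --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics"),
    (2, 4896, "chrome.exe --type=utility --utility-sub-type=chrome.mojom.UtilWin"),
    (2, 1000, "chrome.exe --type=gpu-process --disable-gpu-sandbox"),
    (1, 4524, "elevation_service.exe"),
]

# One row per distinct target from the report's WriteProcessMemory table
# (the page repeats each target many times; the row shape is what is parsed).
WPM_ROWS = (
    "PID 5056 wrote to memory of 2840 5056 chrome.exe 82 "
    "PID 5056 wrote to memory of 3032 5056 chrome.exe 85 "
    "PID 5056 wrote to memory of 1212 5056 chrome.exe 86 "
    "PID 5056 wrote to memory of 4028 5056 chrome.exe 87"
)

# Two rows from the AdjustPrivilegeToken table (the report alternates these 64 times).
TOKEN_ROWS = (
    "Token: SeShutdownPrivilege 5056 chrome.exe "
    "Token: SeCreatePagefilePrivilege 5056 chrome.exe"
)

# Row format: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")
TOKEN_RE = re.compile(r"Token: (Se\w+Privilege) (\d+) (\S+)")


def build_tree(rows):
    """Map pid -> (parent_pid, cmdline) from (depth, pid, cmdline) rows."""
    tree, stack = {}, []  # stack[i] is the pid currently open at depth i+1
    for depth, pid, cmd in rows:
        del stack[depth - 1:]
        tree[pid] = (stack[-1] if stack else None, cmd)
        stack.append(pid)
    return tree


def chromium_role(cmd):
    """Chromium child role from --type=, or 'browser' for the parent process."""
    m = re.search(r"--type=(\S+)", cmd)
    return m.group(1) if m else "browser"


def parse_wpm(text):
    """Distinct (writer, target, image, procid_target) tuples, in first-seen order."""
    seen = []
    for w, t, img, pt in WPM_RE.findall(text):
        row = (int(w), int(t), img, int(pt))
        if row not in seen:
            seen.append(row)
    return seen


def classify_writes(wpm_text, rows):
    """Label each target PID: a child the writer launched with a Chromium role,
    a PID absent from the tree, or a write into a process the writer did not create."""
    tree = build_tree(rows)
    verdicts = {}
    for writer, target, _img, _pt in parse_wpm(wpm_text):
        if target not in tree:
            verdicts[target] = "unknown-target"
            continue
        parent, cmd = tree[target]
        role = chromium_role(cmd)
        if parent == writer and role != "browser":
            verdicts[target] = "child-bootstrap:" + role
        else:
            verdicts[target] = "cross-process-write"
    return verdicts


def bootstrap_only(verdicts):
    """True when every flagged write is parent-to-child process bootstrap."""
    return bool(verdicts) and all(v.startswith("child-bootstrap:") for v in verdicts.values())


def privilege_counts(token_text):
    """Count the privilege names in AdjustPrivilegeToken rows."""
    return Counter(priv for priv, _pid, _img in TOKEN_RE.findall(token_text))


if __name__ == "__main__":
    v = classify_writes(WPM_ROWS, PROCESS_ROWS)
    print(v, "bootstrap only:", bootstrap_only(v))
    print(privilege_counts(TOKEN_ROWS))
    # Constructed rows: a target that is not in the tree, and a child writing into a sibling.
    print(classify_writes("PID 5056 wrote to memory of 6666 5056 chrome.exe 99", PROCESS_ROWS))
    print(classify_writes("PID 1000 wrote to memory of 4508 1000 chrome.exe 5", PROCESS_ROWS))
```

For this report every write resolves to `child-bootstrap:<role>` and `bootstrap_only` is true, which is the basis for treating the 64 WriteProcessMemory rows as browser noise rather than injection; the same function flags a sibling-to-sibling or unrelated-target write, which is the case that should not be closed without looking at the writer.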
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 144B
  MD5: e60b96e4415f67c5427bffbabcf64e2c
  SHA1: 31f224a93e28f145fcfbe384342bf7f6d5c4ebfa
  SHA256: 7e9f648719ce4be06fd431a47a48188c754e61cc53c783e6486058bb5f58a061
  SHA512: 135effebee8ee790ba9734a47966d776c2c07b148a95967ec49266f0b129d46a1d6194a6c65a55edaae6f2b46f06e3bdd5f0b2e7c954b822a6feb52ea6e2c9a1
- Filesize: 1KB
  MD5: 498826b381ca8518ddecf31c7770a516
  SHA1: dcd8f1d8567c433369c119da31836b4bcced2be2
  SHA256: 76981656c83ed46da5bd823886df79ded571ef2d3b49d042821cbb144900c969
  SHA512: 6ca5865daa18697213096e79039923d51a383fb4b5ffb05f42da9fb9a0ced612580106f2fe70a5758175d996d9aac1b9780d936953cbe390ba72c089c7846cdd
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 1KB
  MD5: df230f68772c218727060a8e9fbdc21a
  SHA1: 5b7f064d8eb2f27dac87a5e2542d5006392473a7
  SHA256: 191c302bf1cdf3aeb94d3ed7e3c402624435923bdf29d8534480fadef91e0cf3
  SHA512: 8e2743bf455483baa5caf2a5143260210df5b58b3b201795dbab2b15ea8c7c32d47e29691353fe695c76a646ecbc50a8eeccdd3710c15b64a539bfd98f835160
- Filesize: 7KB
  MD5: 63caeb187a3037d8bb91ebbc1c3e7e50
  SHA1: 6eb77e5bb2c4eb40dd3649aaf2d3a188507383ee
  SHA256: a1016a8f73c951ff521f52fcb805e6af816b2ccf56eceeac318046db5159f28c
  SHA512: 19fc25531ad36cbd96a6eb154f8dc670f9d5ef8949148517762c3ada694ec30a4276bcea2dbf73493957f8d0ecd8f036216cf6bcce27c4eebabd22ae02adc234
- Filesize: 144KB
  MD5: 13ff9f21591d42466af15ed2e8562cdc
  SHA1: 6274dd14f18b29c334fb03e7103e707d782220b6
  SHA256: 68cc82f5ac56d34a283d642c27f8e648dd8c46906f4a4e68e96a180a23c10508
  SHA512: 18ce3f7af87e70c425a0811866826ddf7e8eb1416c42ca9d144158f72246201f07cb708c20292fdd94d8e780512b29bb20c9dd2c0d7c3a0c1764cd3f440f0e20
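Very small artifacts in a download list can usually be identified from their hashes alone: a 2-byte file whose digests are those of the bytes `[]` is an empty JSON array, a common content of freshly created browser-profile files. The following Python is an added example, not part of the tria.ge report; it takes the 2 B entry's MD5, SHA-1 and SHA-256 as listed above, hashes a small constructed dictionary of candidate contents of the same size, and reports whether every listed digest agrees with one candidate or only some do (a partial match means the listing, not the file, deserves a second look). The candidate dictionary and its labels are this example's own.

```python
import hashlib

# Digests of the 2-byte artifact as listed under Downloads in this report.
REPORTED_2B = {
    "size": 2,
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
}

# Constructed dictionary of contents that tiny profile/state files commonly hold.
# The labels are this example's own, not anything the report states.
CANDIDATES = {
    b"": "empty file",
    b"[]": "empty JSON array",
    b"{}": "empty JSON object",
    b"\r\n": "bare CRLF",
    b"0": "single '0'",
}

ALGOS = ("md5", "sha1", "sha256")


def digests(data):
    """Hex digests of the given bytes for every algorithm in ALGOS."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def agreeing_algos(entry, data):
    """Names of the reported digests that match the candidate bytes."""
    d = digests(data)
    return {a for a in ALGOS if entry.get(a) and entry[a].lower() == d[a]}


def identify(entry, candidates=CANDIDATES):
    """Return (label, status) for the first size-compatible candidate that
    matches at least one reported digest. status is 'match' when every
    reported digest agrees and 'partial' when only some do; (None, None)
    when nothing in the dictionary fits."""
    reported = {a for a in ALGOS if entry.get(a)}
    for data, label in candidates.items():
        if len(data) != entry["size"]:
            continue  # size is the cheapest filter, so apply it first
        hit = agreeing_algos(entry, data)
        if not hit:
            continue
        return label, ("match" if hit == reported else "partial")
    return None, None


if __name__ == "__main__":
    print(identify(REPORTED_2B))
    # Constructed listing with a corrupted SHA-1: MD5 agrees, SHA-1 does not.
    print(identify({"size": 2, "md5": REPORTED_2B["md5"], "sha1": "0" * 40}))
```

The size filter matters more than it looks: without it, a dictionary of short strings would be hashed against every entry, and a collision on MD5 alone (which is cheap to construct) would be reported as an identification. Requiring all listed digests to agree before returning `match` closes that gap for a listing that carries more than one algorithm.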