Analysis
- max time kernel: 46s
- max time network: 51s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/07/2024, 18:30
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: https://forms.gle/Smbd8RiwberQjFLi8
  - Resource: win10v2004-20240709-en
General
- Target: https://forms.gle/Smbd8RiwberQjFLi8
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651098311059374" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (2 IoCs)
- PID 5084 chrome.exe
- PID 5084 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
- PID 5084 chrome.exe
- PID 5084 chrome.exe
- PID 5084 chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5084)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://forms.gle/Smbd8RiwberQjFLi8
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1756)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9c7afcc40,0x7ff9c7afcc4c,0x7ff9c7afcc58
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3416)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,7750675933529708620,16590460104359634013,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1908 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2232)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,7750675933529708620,16590460104359634013,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2192 /prefetch:3
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2356)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,7750675933529708620,16590460104359634013,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2600 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2692)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,7750675933529708620,16590460104359634013,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3184 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4656)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,7750675933529708620,16590460104359634013,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3384 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3816)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3680,i,7750675933529708620,16590460104359634013,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4520 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3968)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,7750675933529708620,16590460104359634013,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4832 /prefetch:8
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe (PID 2616)
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
- C:\Windows\system32\svchost.exe (PID 536)
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9d27e3fd-c060-44f4-ab17-05e1ad812da4.tmp (9KB)