Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/07/2024, 06:43
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: sample.html
  Resource: win7-20240704-en
- Behavioral task: behavioral2
  Sample: sample.html
  Resource: win10v2004-20240709-en
General
- Target: sample.html
- Size: 4KB
- MD5: 74f50847aa55c236b59b2b77d2206940
- SHA1: 1c3e9e22ad88dab33697e84636799d3f3d68841b
- SHA256: 821c2b9e051a6ef6fb3d53347b12c6711e16a9f9bb9ab6cce815db1913ddc6fa
- SHA512: 8b50804def728b1948f622d36522e20a0bc616be7b3703cda2f3cc080c978fbbde9e2a660635f2ba7675cb2a2f5eed54328202f41ce2d9c9319b1250aba5580a
- SSDEEP: 96:1j9jwIjYj5jDK/D5DMF+C8QZqXKHvpIkdNxrRU9PaQxJbGD:1j9jhjYj9K/Vo+nlaHvFdNxry9ieJGD
Malware Config
Signatures

- Drops file in System32 directory (2 IoCs)
  description  | ioc                                                                                              | Process
  File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF     | chrome.exe
  File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | chrome.exe

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                         | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName         | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer        | chrome.exe
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                           | chrome.exe

- Modifies data under HKEY_USERS (2 IoCs)
  description     | ioc                                                                                                            | Process
  Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                          | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651538313235656"      | chrome.exe

- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid  | Process
  1148 | chrome.exe (2 entries)
  3028 | chrome.exe (4 entries)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid  | Process
  1148 | chrome.exe (2 entries)

- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                      | pid  | Process
  Token: SeShutdownPrivilege       | 1148 | chrome.exe (32 entries)
  Token: SeCreatePagefilePrivilege | 1148 | chrome.exe (32 entries)
  (the 64 entries alternate SeShutdownPrivilege / SeCreatePagefilePrivilege, all from PID 1148)

- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid  | Process
  1148 | chrome.exe (26 entries)

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  1148 | chrome.exe (24 entries)

- Suspicious use of WriteProcessMemory (64 IoCs)
  description                      | pid  | Process    | procid_target
  PID 1148 wrote to memory of 4996 | 1148 | chrome.exe | 83 (2 entries)
  PID 1148 wrote to memory of 4400 | 1148 | chrome.exe | 85 (30 entries)
  PID 1148 wrote to memory of 3148 | 1148 | chrome.exe | 86 (2 entries)
  PID 1148 wrote to memory of 2840 | 1148 | chrome.exe | 87 (30 entries)
Processes

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1148)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes of PID 1148:

  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4996)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd4,0xe0,0x7ffb0385cc40,0x7ffb0385cc4c,0x7ffb0385cc58

  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4400)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,9709596679777851767,17468525720935550998,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2064 /prefetch:2

  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3148)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1792,i,9709596679777851767,17468525720935550998,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2128 /prefetch:3

  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2840)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2136,i,9709596679777851767,17468525720935550998,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2328 /prefetch:8

  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1668)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,9709596679777851767,17468525720935550998,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3144 /prefetch:1

  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2620)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,9709596679777851767,17468525720935550998,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3176 /prefetch:1

  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2420)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4460,i,9709596679777851767,17468525720935550998,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4656 /prefetch:8

  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3028)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4832,i,9709596679777851767,17468525720935550998,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1044 /prefetch:8
    Signatures:
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses

- C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe (PID 4968)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

- C:\Windows\system32\svchost.exe (PID 4684)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

- Filesize: 8KB
  MD5: c0db74c72cd4765af4617f76cbee9d26
  SHA1: ee65e0f5db30fcc754d30863e8ccc3376ee31af9
  SHA256: 8020d906669d8da5ff52ffa21d8f99e67068c501dca450a51276a611708e5bda
  SHA512: c95df893e7a743a78840269e13a8e33d943a6387d9f473bf96d27654c3d813affd1431b8da4df3a659ec83a05c4993f9a26432335b5d60b4e7ba221e15fd806d

- Filesize: 8KB
  MD5: 6573ef6376e5ab0a6c7ed36b07e86bcc
  SHA1: 8bd3e75545f4e08bd449f5929c83141c756a99cf
  SHA256: 82604cd6141c598b7ab5b354738d9dfe90eeb4c89f8a1f36deabc8804dddc8b4
  SHA512: f7dfff3db7fe26d57944ce42a5463896a1550e1f596c120662e7d85f41a9c08744948ee063f217c85ebe9d2319b7a204f3f97f3e105c04f91309186ff43ac336

- Filesize: 8KB
  MD5: e9ba32551de6cbe0fd8c38e0e8e666c7
  SHA1: c1bd1fd8ee65697aab04b14e8da34b46fb1742b5
  SHA256: 6676e20623eb757f3c354217ca66cc3b86beea0ef9237359890431f8df0edbb1
  SHA512: 1c6dc16322169386c350698166cd4eff60ff7f61ac63fa0fe880aa594f93d444b3df5e3884c9b210aa93e8c09713573a04afa4b85acb42d7c45706afb6797910

- Filesize: 8KB
  MD5: 693d1c61532ddaabc2ae472dff799680
  SHA1: 918f9ae5e1c75bf740f15e6da906a79425a78971
  SHA256: 4a2dbbf0ad80c6e5c225656c11b7764495973b2e26321c1e789732f1e91e6a31
  SHA512: 60508d0a63b62987f398af1afdf0d1a56ab54c9b8ece1548230a70163f93d3045040f8b8ca150e0ce97faf9cd96cec0d32ea41daaecfcdee849403a00be8a853

- Filesize: 8KB
  MD5: e598093d426cb762802a39c5b065a0fe
  SHA1: 875bdc4a184d7df3b30cacc6564681f8a3f4e34a
  SHA256: 4e04060a65f43d816b90958df2054eae9069b6108a5e465fde417dc9f3afd49b
  SHA512: b36117e6c1463768a3c8f86efa522ca09f434d59fc9df27edaf3c0cb478530473163eda163586c185c0f2a55d507c5c6973c6af4596eb681d3f5f6cd41666fff

- Filesize: 8KB
  MD5: 1015e343cd970aae4372787151b3d740
  SHA1: ad970f5efb946d336f1bfd349e370dcceaa9538b
  SHA256: b23656d6f7446276ff5e92aa18033e818fa223d97362b4514a950ebe12677b65
  SHA512: 42484c69250881138aef25f9618cb6385487cec9962317b28192b07634ad2c10229105e347512cffebce3369229a6c6c484442bac370d76dfb93989feb249bf5

- Filesize: 8KB
  MD5: 6052645b8b015655bbf802975b425cf2
  SHA1: 9ce9019b9d0d644715ab65cf4462d75e6e510a33
  SHA256: de637e33c6bed9e9ad99250bf6c8ce1cff03e951edf79cb74732e37a67aa5ceb
  SHA512: b94531badb535fbd51e611df06f59f91bc3522a8f93dac8cc98fe8e07fcab71917c7b95c1146d8a4c1ba06dafc492afea8af41a3f10928899128aa75b0ced1ec

- Filesize: 8KB
  MD5: 6c82c8875f879a1db67dbfba5a7283a6
  SHA1: 4e755dfc1a5cb0ca7929d690e39821a2c3ada378
  SHA256: 255a0e4f93d414deb41a60eaf7a43f49b56330a627c6f268dee4b1ce2d6cbd3f
  SHA512: 0daa133d8f62c2d62196009e2e5dcc7d91ca4fab27f5040eb54d943f45b3201093ba0e134d3b8fef5cf0e9558f6a16f1f26fdaf43bb905f74ae461afa056d52f

- Filesize: 92KB
  MD5: c1a1e2641eb17fba3489ebfaa61c71b9
  SHA1: b4b9bd6c0aaa0d7818d0ad3c7abd6e399580a729
  SHA256: 1c8430c381dc5d82c37c96d695b02c78eabcb11233a285b7cf0fbc7d3f902361
  SHA512: 5ddd8ab50f043e8e391aaecc0de0f48e3101e0cd668bce0b933bdea096b853c3b84db11a796939a200d40456d0338fb455e73be26cac5c310b15105ebc26dd3b

- Filesize: 92KB
  MD5: 3ce9f26d7add6d8e5b3b8448890e97cd
  SHA1: a80983731953b214684a0916712b384866a2bbeb
  SHA256: 1fdd2808cdc6635ae7b9af077b4b6544fcf76c4a33851dc3a107e12337683fad
  SHA512: 9368b10050d045c81062cf1e3eebe36d5dd2cfb8736745eb930b021d299fa80ec16054e349d3752c237e6060443ab60877744e341d7b4bd1b9e9916f0496b512