Analysis
  max time kernel:  299s
  max time network: 280s
  platform:         windows10-1703_x64
  resource:         win10-20240404-en
  resource tags:    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  submitted:        12/07/2024, 07:14

Tasks
  Static task:     static1
  URLScan task:    urlscan1
  Behavioral task: behavioral1
    Sample:   http://douglascorp.cfd/BwoMV
    Resource: win10-20240404-en

General
  Target: http://douglascorp.cfd/BwoMV
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                      process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                   chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133652421018112760"   chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   process
  2824  chrome.exe
  2824  chrome.exe
  752   chrome.exe
  752   chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid   process
  2824  chrome.exe
  2824  chrome.exe
  2824  chrome.exe
  2824  chrome.exe
  2824  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description pid Process Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe 
Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeCreatePagefilePrivilege 2824 chrome.exe -
Suspicious use of FindShellTrayWindow (26 IoCs)
pid Process 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe -
Suspicious use of SendNotifyMessage (24 IoCs)
pid Process 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe -
Suspicious use of WriteProcessMemory (64 IoCs)
description pid Process procid_target PID 2824 wrote to memory of 3480 2824 chrome.exe 74 PID 2824 wrote to memory of 3480 2824 chrome.exe 74 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to 
memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 516 2824 chrome.exe 76 PID 2824 wrote to memory of 960 2824 chrome.exe 77 PID 2824 wrote to memory of 960 2824 chrome.exe 77 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78 PID 2824 wrote to memory of 4828 2824 chrome.exe 78
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2824)
  command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://douglascorp.cfd/BwoMV
  signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3480)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa5f7d9758,0x7ffa5f7d9768,0x7ffa5f7d9778

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 516)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1836,i,12694992700310304196,5779008689064445220,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 960)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1836,i,12694992700310304196,5779008689064445220,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4828)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1836,i,12694992700310304196,5779008689064445220,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2456)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2628 --field-trial-handle=1836,i,12694992700310304196,5779008689064445220,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1424)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2672 --field-trial-handle=1836,i,12694992700310304196,5779008689064445220,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1728)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4264 --field-trial-handle=1836,i,12694992700310304196,5779008689064445220,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4876)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3140 --field-trial-handle=1836,i,12694992700310304196,5779008689064445220,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4200)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4680 --field-trial-handle=1836,i,12694992700310304196,5779008689064445220,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2420)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4264 --field-trial-handle=1836,i,12694992700310304196,5779008689064445220,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2396)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1836,i,12694992700310304196,5779008689064445220,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1772)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1836,i,12694992700310304196,5779008689064445220,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 752)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4488 --field-trial-handle=1836,i,12694992700310304196,5779008689064445220,131072 /prefetch:2
      signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 2920)
  command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads