Analysis
max time kernel: 900s
max time network: 1157s
platform: windows11-21h2_x64
resource: win11-20240709-en
resource tags: arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 14/07/2024, 18:38
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://pastez.site
Resource: win11-20240709-en
General
Target: http://pastez.site
Malware Config
Signatures
Every behavioral hit below is attributed to one process, chrome.exe PID 3844: the browser the sandbox launched to open the submitted URL (see Processes). The recorded activity is Chromium's normal start-up, spawning and bootstrapping its crashpad, GPU, utility and renderer children, so none of these signatures is on its own evidence of malicious behavior by the target site. Treat them as the baseline noise any URL submission on this image produces, and look for hits on processes other than chrome.exe.

Drops file in Windows directory (1 IoC)
  description                   ioc                    Process
  File opened for modification  C:\Windows\SystemTemp  chrome.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
  Note: the BIOS manufacturer and product strings are what VM-detection heuristics read, which is why this signature exists; legitimate software reads the same values, so the hit is only meaningful when the process is otherwise suspect.

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                    Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133654559477941685"  chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 3844, chrome.exe, 2 hits

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid 3844, chrome.exe, 5 hits
  Note: this fires when a process creates a child with the mitigation policy that blocks non-Microsoft-signed DLLs from loading into it. A browser applying that policy to its sandboxed children is expected hardening, not an attack indicator.

Suspicious use of AdjustPrivilegeToken (46 IoCs)
  Token                      pid   Process     hits
  SeShutdownPrivilege        3844  chrome.exe  23
  SeCreatePagefilePrivilege  3844  chrome.exe  23
  (the report alternates the two tokens 23 times each)

Suspicious use of FindShellTrayWindow (27 IoCs)
  pid 3844, chrome.exe, 27 hits

Suspicious use of SendNotifyMessage (12 IoCs)
  pid 3844, chrome.exe, 12 hits

Suspicious use of WriteProcessMemory (64 IoCs)
  The 64 listed rows all have PID 3844 (chrome.exe) as the writer; grouped by target:
  pid   Process     procid_target  target PID  target (from Processes)                       writes
  3844  chrome.exe  80             4344        chrome.exe --type=crashpad-handler            2
  3844  chrome.exe  83             4652        chrome.exe --type=gpu-process                 30
  3844  chrome.exe  84             2448        chrome.exe --type=utility (NetworkService)    2
  3844  chrome.exe  85             2456        chrome.exe --type=utility (StorageService)    30
  Every target is a direct chrome.exe child of the writer, which is how the browser process hands start-up data to processes it has just spawned. A write into a process with a different image, or one the writer did not create, is the pattern that would matter here.
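The check described above, deciding whether a WriteProcessMemory hit is a parent bootstrapping its own child or a genuine cross-process write, is easy to automate over the text Triage renders. The following Python is an added example, not part of this report and not Triage's own tooling. It parses IoC rows in the exact flattened form shown on this page, joins them against a process table copied from the Processes section (parent links follow the tree nesting there), and labels each writer/target pair. The excerpt of IoC rows is copied from the report; the final row, a write into svchost.exe PID 2432, is constructed so the cross-process path is exercised.

```python
import re
from collections import Counter

# One Triage WriteProcessMemory IoC as rendered on the page:
#   "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# Excerpt of the IoC text from the report above (the full list has 64 rows).
# The last row is CONSTRUCTED, not from the report: it models a write into
# svchost.exe so the cross-process verdict is exercised.
WPM_IOCS = (
    "PID 3844 wrote to memory of 4344 3844 chrome.exe 80 "
    "PID 3844 wrote to memory of 4344 3844 chrome.exe 80 "
    "PID 3844 wrote to memory of 4652 3844 chrome.exe 83 "
    "PID 3844 wrote to memory of 4652 3844 chrome.exe 83 "
    "PID 3844 wrote to memory of 2448 3844 chrome.exe 84 "
    "PID 3844 wrote to memory of 2456 3844 chrome.exe 85 "
    "PID 3844 wrote to memory of 2432 3844 chrome.exe 99 "  # constructed row
)

# Process table from the report: pid -> (image, parent pid, --type= flag).
# Parent links are taken from the tree nesting in the Processes section.
PROCESSES = {
    3844: ("chrome.exe", None, None),
    4344: ("chrome.exe", 3844, "crashpad-handler"),
    4652: ("chrome.exe", 3844, "gpu-process"),
    2448: ("chrome.exe", 3844, "utility"),
    2456: ("chrome.exe", 3844, "utility"),
    1084: ("chrome.exe", 3844, "renderer"),
    2056: ("chrome.exe", 3844, "renderer"),
    4660: ("chrome.exe", 3844, "utility"),
    2316: ("chrome.exe", 3844, "renderer"),
    3132: ("chrome.exe", 3844, "renderer"),
    3044: ("chrome.exe", 3844, "renderer"),
    4392: ("elevation_service.exe", None, None),
    2432: ("svchost.exe", None, None),
}


def parse_iocs(text):
    """Return (writer, target, image, procid_target) tuples, one per IoC row."""
    return [(int(w), int(t), img, int(pt))
            for w, t, _w2, img, pt in IOC_RE.findall(text)]


def classify_write(writer, target, processes):
    """Label a cross-PID memory write.

    'child-bootstrap': the target is a direct child of the writer and runs the
    same image, which is how a multi-process host such as Chromium passes
    start-up data to children it has just spawned. Anything else is
    'cross-process' and deserves a closer look.
    """
    writer_image = processes.get(writer, ("?", None, None))[0]
    target_image, target_parent, _ = processes.get(target, ("?", None, None))
    if target_parent == writer and target_image == writer_image:
        return "child-bootstrap"
    return "cross-process"


def summarize(text, processes):
    """Group IoC rows by (writer, target) and attach a verdict to each pair."""
    counts = Counter((w, t) for w, t, _, _ in parse_iocs(text))
    return {
        (w, t): {
            "writes": n,
            "verdict": classify_write(w, t, processes),
            "target_image": processes.get(t, ("?",))[0],
        }
        for (w, t), n in counts.items()
    }


def suspicious_targets(text, processes):
    """Target PIDs whose writes the child-bootstrap rule does not explain."""
    return sorted(t for (w, t), r in summarize(text, processes).items()
                  if r["verdict"] == "cross-process")


if __name__ == "__main__":
    for (w, t), r in summarize(WPM_IOCS, PROCESSES).items():
        print(f"{w} -> {t} ({r['target_image']}): "
              f"{r['writes']} writes, {r['verdict']}")
```

Run against the report's own rows, every pair comes back child-bootstrap; only the constructed svchost.exe row is flagged. The parent/image rule is deliberately narrow: a writer that injects into a child it spawned under a different image name (a legitimate host process used as a shell) is still reported as cross-process, which is the behavior a triage script should have.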
Processes
The root chrome.exe (PID 3844) is the browser instance the sandbox launched with the submitted URL as --single-argument; each chrome.exe nested beneath it is a Chromium child, identified by its --type= flag. elevation_service.exe and svchost.exe (NgcSvc) ran as separate roots and carry no signatures.

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3844)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://pastez.site
  Signatures:
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:
  - chrome.exe (PID 4344), crashpad handler
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb5ddacc40,0x7ffb5ddacc4c,0x7ffb5ddacc58
  - chrome.exe (PID 4652), GPU process
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,2880524117506909429,7127191025015201124,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1784 /prefetch:2
  - chrome.exe (PID 2448), utility: network.mojom.NetworkService (--service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,2880524117506909429,7127191025015201124,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2084 /prefetch:3
  - chrome.exe (PID 2456), utility: storage.mojom.StorageService
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,2880524117506909429,7127191025015201124,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2132 /prefetch:8
  - chrome.exe (PID 1084), renderer (client id 6)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3024,i,2880524117506909429,7127191025015201124,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3044 /prefetch:1
  - chrome.exe (PID 2056), renderer (client id 5)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3040,i,2880524117506909429,7127191025015201124,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3196 /prefetch:1
  - chrome.exe (PID 4660), utility: chrome.mojom.ProcessorMetrics (--service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4512,i,2880524117506909429,7127191025015201124,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4520 /prefetch:8
  - chrome.exe (PID 2316), renderer (client id 8)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4904,i,2880524117506909429,7127191025015201124,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4764 /prefetch:1
  - chrome.exe (PID 3132), renderer (client id 9)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3408,i,2880524117506909429,7127191025015201124,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3388 /prefetch:1
  - chrome.exe (PID 3044), renderer (client id 10)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4912,i,2880524117506909429,7127191025015201124,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3352 /prefetch:1
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe (PID 4392)
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
- C:\Windows\system32\svchost.exe (PID 2432)
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads
Files written during the analysis; the report records only size and digests for each.

1. 264KB
   MD5:    f50f89a0a91564d0b8a211f8921aa7de
   SHA1:   112403a17dd69d5b9018b8cede023cb3b54eab7d
   SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
   SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

2. 1KB
   MD5:    0d0fdd245774557aebd4dae4c587b214
   SHA1:   7bb53857ef535bd3ae0bb556cd90381a36493e0c
   SHA256: c35f866b30274fb60f4afc72d24acca4ac0ca77ed8670add2c19e217e1a43768
   SHA512: 0da972ea22951dd3c5fb2eac2e579b2abba84d821e44ff3197c343a39a0a53737e278f4fb382147cea5a24390b34264a601690b633854f9c75a89260b579b836

3. 2B
   MD5:    d751713988987e9331980363e24189ce
   SHA1:   97d170e1550eee4afc0af065b78cda302a97674c
   SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
   SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

4. 8KB
   MD5:    095e1cef9e915968912edaac9fd09366
   SHA1:   ccf7c62404c6f476d624c286eceb8b1571eb2d2a
   SHA256: 32ee8468f32a7df45f9380254164832d3feb0a6133199c71418ac443ae7f461d
   SHA512: bc3d2dfa878a5a758e63dc2f4a8aa96a21b850ed72d67fe28fa06acf7d2f041395b129fee6cdb01e043d34e9035da317a3726e997273ea0890666802427ae38d

5. 8KB
   MD5:    9b7edfa18ee5d3f56ddde524312320cb
   SHA1:   1e952f3b8c433983543f7784784a0351a13ae6ff
   SHA256: 7a8e2a132f7bab8d48099a821f110a8f2d5dc8ba15640e1faf6f8932f128511a
   SHA512: 096eb872dc6e7cc1d77d432a0be34c5d89c2eeb15999632d2572a1a8a653bf104162f5aa4c9400f212d06e3bbcf720a34f20a1f22d16aa0d7335ff449f262618

6. 92KB
   MD5:    0a0b1f8fc39bb44047eaf0800e83fceb
   SHA1:   3bc0365aee3893401009e048e9386d26d107039c
   SHA256: 825d13508fc0ccce7fe0294ee5d516d503c4408006589acb9594b60cc4b0c3a3
   SHA512: f00f920e7cd4374814dfe3ecd0aa69fafa4df12719d3ad3555ca2d55d97999b7cd68ccf0e8a90f94035f464860511425286e8951a863cc112144338447fe637c

7. 92KB
   MD5:    b130c693a5337454efb40aaa4d859b0a
   SHA1:   18284edbb241224216100b699a8dd4746d63bb29
   SHA256: 49bc9e1b6548477a08cd38a54e71027392bff1001f0d5cd92757395df837b4e5
   SHA512: 89397dd07cbfeff973de23560ab29e9dcf0c08d37988be0571ac049d2f7cc0d78470d9f25026dbdf23a5fbfc6a762efde00c97f2e06dab3333f9bb3ebc51d62b
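A digest table with no filenames is still usable: tiny artifacts can often be identified outright by hashing likely contents and comparing, and larger ones can be verified after download from the sandbox. The following Python is an added example, not part of this report and not Triage's own tooling. It compares the digests of the 2-byte download above against a constructed set of candidate byte strings a browser profile commonly writes; the four reported digests are exactly those of the two bytes `[]`, an empty JSON array, so that download is browser state rather than content served by the target site. The candidate list and the `verify_file` helper are this example's own additions.

```python
import hashlib

# Digests of the 2-byte artifact, copied from the Downloads table above.
REPORTED_2B = {
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    "sha512": ("b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d604"
               "0e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af"),
}

# CONSTRUCTED candidates: tiny contents a browser profile commonly writes.
# identify() does not assume the file size, it simply hashes each candidate.
CANDIDATES = {
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
    "CRLF": b"\r\n",
    "empty file": b"",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Hex digests of data for the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def matches(data: bytes, reported: dict) -> dict:
    """Per-algorithm comparison; lower-cases the reported hex so pasted values work."""
    computed = digests(data)
    return {alg: computed[alg] == reported[alg].lower()
            for alg in reported if alg in computed}


def identify(reported: dict, candidates: dict):
    """Name of the candidate whose digests all agree with the report, or None.

    Requiring every reported digest to match, not MD5 alone, rules out a
    collision and also catches a report whose hashes were garbled in copying.
    """
    for name, data in candidates.items():
        result = matches(data, reported)
        if result and all(result.values()):
            return name
    return None


def verify_file(path: str, reported: dict) -> dict:
    """Same comparison for a file pulled from the sandbox, hashed in one pass."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: hashers[alg].hexdigest() == reported[alg].lower()
            for alg in reported if alg in hashers}


if __name__ == "__main__":
    print("2-byte download is:", identify(REPORTED_2B, CANDIDATES))
```

The same pattern applies to the other downloads once they are retrieved from the sandbox: `verify_file(path, reported)` returns a per-algorithm result, and any False means the file on disk is not the one the report describes.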