Analysis
- max time kernel: 149s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16/07/2024, 05:25
Tasks
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: https://pub-6cf783806cce4230a348728394c5314d.r2.dev/Review%26sign-eDOCS.html
  - Resource: win10v2004-20240709-en
General
- Target: https://pub-6cf783806cce4230a348728394c5314d.r2.dev/Review%26sign-eDOCS.html
Malware Config
Signatures
Every signature in this run fires on chrome.exe or one of its child processes. The process list further down contains nothing outside the browser tree apart from Chrome's own elevation_service.exe and one NgcSvc svchost.exe instance, so read the rows below as browser behaviour first and look for anything that does not fit that pattern.

Drops file in System32 directory (2 IoCs)
  description   ioc                                                                                              Process
  File created  C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF    chrome.exe
  File created  \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF  chrome.exe
  Both rows are the same precompiled INF (display.PNF); the second is the same path in NT object-manager form. The process list attributes the write to the second GPU process, PID 208, which runs with --disable-gpu-sandbox --use-gl=disabled.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
  Attributed to the browser process (PID 1668).

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                       Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                     chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133655811677715418"  chrome.exe
  S-1-5-19 is the NT AUTHORITY\LOCAL SERVICE hive. The value is a FILETIME (100 ns ticks since 1601-01-01) that falls on the analysis date.

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid   Process
  1668  chrome.exe  (2 entries)
  208   chrome.exe  (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  1668  chrome.exe  (2 entries)
  The browser process created children with the process-creation mitigation that admits only Microsoft-signed images. Chromium's sandbox sets this on the child processes it spawns, so on its own it is not a sign of the sample doing anything.

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   Process
  Token: SeShutdownPrivilege        1668  chrome.exe
  Token: SeCreatePagefilePrivilege  1668  chrome.exe
  The two rows alternate for all 64 entries; every entry is the browser process.

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  1668  chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  1668  chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 1668 wrote to memory of 4272  1668  chrome.exe  83  (2 entries)
  PID 1668 wrote to memory of 3492  1668  chrome.exe  84  (30 entries)
  PID 1668 wrote to memory of 4456  1668  chrome.exe  85  (2 entries)
  PID 1668 wrote to memory of 4016  1668  chrome.exe  86  (30 entries)
  Every target is a chrome.exe child of the writer: 4272 is the crashpad handler, 3492 the first GPU process, 4456 the network service and 4016 the storage service (see Processes). A Chromium browser process writing into children it has just created is how it configures them at launch; it is not evidence of injection into a foreign process. A write whose target PID is outside this tree would be the row worth chasing.
Processes
chrome.exe  PID 1668  (browser process; the --disable-background-networking, --disable-component-update and --simulate-outdated-no-au switches come from the sandbox launcher, which opens the sample URL with --single-argument)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pub-6cf783806cce4230a348728394c5314d.r2.dev/Review%26sign-eDOCS.html
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  chrome.exe  PID 4272  (--type=crashpad-handler)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbc550cc40,0x7ffbc550cc4c,0x7ffbc550cc58

  chrome.exe  PID 3492  (--type=gpu-process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1724,i,9294318719829205071,5670234166022019597,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1712 /prefetch:2

  chrome.exe  PID 4456  (--type=utility, network.mojom.NetworkService, --service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,9294318719829205071,5670234166022019597,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2172 /prefetch:3

  chrome.exe  PID 4016  (--type=utility, storage.mojom.StorageService, --service-sandbox-type=service)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,9294318719829205071,5670234166022019597,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2432 /prefetch:8

  chrome.exe  PID 728  (--type=renderer, client id 6)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,9294318719829205071,5670234166022019597,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:1

  chrome.exe  PID 2260  (--type=renderer, client id 5)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,9294318719829205071,5670234166022019597,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3184 /prefetch:1

  chrome.exe  PID 3476  (--type=utility, chrome.mojom.ProcessorMetrics, --service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4540,i,9294318719829205071,5670234166022019597,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4612 /prefetch:8

  chrome.exe  PID 208  (second --type=gpu-process, unsandboxed: --disable-gpu-sandbox --use-gl=disabled)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4880,i,9294318719829205071,5670234166022019597,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4800 /prefetch:8
    Signatures: Drops file in System32 directory; Suspicious behavior: EnumeratesProcesses

elevation_service.exe  PID 1808
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

svchost.exe  PID 3292
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
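The WriteProcessMemory rows above only become meaningful once each target PID is joined back to the process tree. The script below is an added triage example, not part of the tria.ge report: it transcribes this report's process list and the collapsed WriteProcessMemory counts as its input, parses the Chromium `--type`/`--utility-sub-type`/`--service-sandbox-type` switches to name each target, and separates writes into the writer's own chrome.exe children from writes into anything else. Two assumptions: parent PIDs are read off the report's indentation (the page prints the tree, not numeric parent PIDs), and command lines are cut down to the switches the parser uses. The `__main__` run appends one constructed row (1668 writing into svchost 3292) that is not in the report, to show how an out-of-tree write is surfaced.

```python
"""
Triage helper: join "wrote to memory of" IoCs from a sandbox report against
its process tree, so writes into a parent's own Chromium children are kept
apart from writes into anything else.
"""
import re

CHROME = '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"'

# Process tree transcribed from this report as (pid, parent_pid, image, command line).
# The report shows parent/child relations as indentation only (depth-2 chrome.exe
# entries under the browser process 1668; depth-1 entries are roots), so parent_pid
# is read off that indentation. Command lines are trimmed to the switches parsed here.
REPORT_PROCESSES = [
    (1668, None, "chrome.exe", CHROME + " --disable-background-networking --disable-component-update"
     " --single-argument https://pub-6cf783806cce4230a348728394c5314d.r2.dev/Review%26sign-eDOCS.html"),
    (4272, 1668, "chrome.exe", CHROME + " --type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    (3492, 1668, "chrome.exe", CHROME + " --type=gpu-process --no-appcompat-clear"),
    (4456, 1668, "chrome.exe", CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService"
     " --service-sandbox-type=none"),
    (4016, 1668, "chrome.exe", CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService"
     " --service-sandbox-type=service"),
    (728, 1668, "chrome.exe", CHROME + " --type=renderer --renderer-client-id=6"),
    (2260, 1668, "chrome.exe", CHROME + " --type=renderer --renderer-client-id=5"),
    (3476, 1668, "chrome.exe", CHROME + " --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics"
     " --service-sandbox-type=none"),
    (208, 1668, "chrome.exe", CHROME + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (1808, None, "elevation_service.exe",
     '"C:\\Program Files\\Google\\Chrome\\Application\\123.0.6312.106\\elevation_service.exe"'),
    (3292, None, "svchost.exe", "C:\\Windows\\system32\\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc"),
]

# WriteProcessMemory rows from the report collapsed to (writer, target, count);
# the counts add up to the 64 IoCs in the signature header.
REPORT_WRITES = [(1668, 4272, 2), (1668, 3492, 30), (1668, 4456, 2), (1668, 4016, 30)]

SWITCH = re.compile(r"--([A-Za-z0-9-]+)(?:=(\S+))?")


def parse_switches(cmdline):
    """Map every --switch[=value] on a Chromium command line to its value (True for bare flags)."""
    return {name: (value if value else True) for name, value in SWITCH.findall(cmdline)}


def chromium_role(cmdline):
    """Name the Chromium process type from its switches and flag processes running without a sandbox."""
    sw = parse_switches(cmdline)
    role = sw.get("type", "browser")  # the browser process is the one with no --type switch
    if role == "utility":
        role = f"utility:{sw.get('utility-sub-type', '?')}"
    if sw.get("service-sandbox-type") == "none" or "disable-gpu-sandbox" in sw:
        role += " (unsandboxed)"
    return role


def triage_writes(processes, writes):
    """Classify each WriteProcessMemory row.

    'expected'    : chrome.exe writing into a chrome.exe process it spawned itself,
                    which is how the Chromium browser configures children at launch.
    'investigate' : target missing from the tree, not the writer's child, or not chrome.exe.
    """
    by_pid = {pid: (ppid, image, cmd) for pid, ppid, image, cmd in processes}
    rows = []
    for writer, target, count in writes:
        writer_image = by_pid.get(writer, (None, None, None))[1]
        ppid, image, cmd = by_pid.get(target, (None, None, None))
        if image is None:
            verdict, role = "investigate", "target PID not in process list"
        elif ppid == writer and image == "chrome.exe" and writer_image == "chrome.exe":
            verdict, role = "expected", chromium_role(cmd)
        else:
            verdict, role = "investigate", f"{image} (not a child Chromium process of {writer})"
        rows.append({"writer": writer, "target": target, "count": count, "role": role, "verdict": verdict})
    return rows


def needs_review(rows):
    """Only the rows an analyst still has to look at."""
    return [r for r in rows if r["verdict"] == "investigate"]


if __name__ == "__main__":
    # Report data as-is, plus one constructed row (1668 -> svchost 3292) that is NOT
    # in the report, to show what an out-of-tree write looks like in the output.
    for r in triage_writes(REPORT_PROCESSES, REPORT_WRITES + [(1668, 3292, 1)]):
        print(f"{r['writer']} -> {r['target']:>5} x{r['count']:<3} {r['verdict']:<11} {r['role']}")
```

On this report all four real rows come out as `expected` and `needs_review` is empty; the constructed svchost row is the only one flagged. The same join is worth running on any sandbox output where a browser is the launcher, since WriteProcessMemory counts in the dozens are routine for Chromium and only the target's position in the tree tells you whether they matter.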
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 92KB
  MD5: dfed10b7388c5f8f3ef3de5552f4f130
  SHA1: 3d83b839f45d91ccab80709f6e0b4368d7ba88da
  SHA256: 261ebe6a18d368f6c9505a1565b1ad27de54798f0725e6f380a600dad2e79853
  SHA512: 6c451b6bbecfa3e2aee15905f4b1c87a4e084cb29be05342362e184eeb6bf9746b966086812f8b5699258cef842275ee519160857372d332121e152c1d546261
- Filesize: 216B
  MD5: 36a9c5db38d1ef7f454272f821c0c670
  SHA1: 9f181a1e0667a4768dcfea65a9fe684dc6b3107a
  SHA256: 547eb3db5adaab275bfbd627b7f3742da9fe907679d5ab123f45652b4370fb61
  SHA512: 48ba4ab973a55553531f510695b9949b422d9b92af5ec1abad9e97ab43b6a0197ac22b43edee94fc9258324a73e64177780982b20c7fefbd1da03a89192b7484
- Filesize: 1KB
  MD5: 2270361adfdf8f1b91c5bdfd226b4ae1
  SHA1: 18ee7eb9ca3ade9169bfb2323f07800bea4a8543
  SHA256: 7e5b82327705514459962bba67a812869ce29b8ef76723d0a7224999d86880bc
  SHA512: f163dee0686b1d8a50bcbc287434f2c0a6e8aa65d33009cf73b05a7e9c261cb05065cf86b9d0e203b3b702061fa644aa9c5796ffed499650cdced0e089132d68
- Filesize: 3KB
  MD5: 93cba30a85b838ea8f8144094a08ae3b
  SHA1: 1b1dd89bdac42beb228b5bfe4b052d89d5e5d93a
  SHA256: 707b0d0412edd7bf48d7c3ad98123d35a748144d5cf6ff266b54e58065aece6f
  SHA512: 0f8b31661689578e71d84ef780287b6e3aff54331487ba357b6f4b11797960d8422aeeb5ea7f5645ac36528867a69fa9559714a66361daa001cd95cbc2d083ba
- Filesize: 2B (these are the digests of the two-byte string `[]`, an empty JSON array)
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 858B
  MD5: 8538ef9acbc04684bcf9549be7daa7f2
  SHA1: e77a715870e88daa7f3a5933ccc06375725df002
  SHA256: d7fcaf1a867fde3ea11af7c6d1feebf9cb6f3734df5d16a7e6065ed2fe88fc2e
  SHA512: 555ca482968fb9d6ae503eb0be8db1550191b237138a99f741105309003d6ee6a19f6dc75c304e026be63487c781d70053c88122b8dc086d80e0f14abbf9966e
- Filesize: 8KB
  MD5: 3c8aa4833392e30e743c00fe8939d5e3
  SHA1: 37151a0ea982c3345585924009f04ce3f0321b3a
  SHA256: ede6c312c2f3b3e18a56c12cdb76bb1a234c3786e6756fbe63a51202b9bed696
  SHA512: 9171eea85bc896a0f4d5a8edf0dcffc7df8d0a618d00a71a0be8ad309df3b2ecf4ab5f687def2df3e3cc4232471101812d303f54d8a2923a6f998fac736f1d42
- Filesize: 8KB
  MD5: 103ff1d1283ed680d02c8a2f5bcda74e
  SHA1: 30419b915923e51ec0ba1fa61e13d6617fcc5981
  SHA256: 6bc860498935870f000ade3ac4ab8831cc8d5bbc8f50d8913c45af7fdf02ac42
  SHA512: e16ec4da49a8be89cbd614bc5bcd286498462fc0033806f853d9a8529b60c53e0da7ca05a1ecd08d13276d43ca79727c434a7a0016228014b21afcc17bdf664f
- Filesize: 9KB
  MD5: 19ad882f43328e434ee7f4754ce6ae69
  SHA1: 71ff5f2d48ae6062c7dacb18cf99b9488c64dc92
  SHA256: e7bfc608da27f2503fbb48870ff9522e274a97ba5da1e2b6f4f146ab7be1d355
  SHA512: 7a9d7c3f376efd7f6a14105a553df6ba0c5c18f970a91ae85a0884f4f3fb5f6d3ece5e2d623aaf89135b8530792490a444913043cd5cb85cebabad5e28a1e8e8
- Filesize: 9KB
  MD5: 9ca4a37cb7cfddf343713228115ad1a0
  SHA1: 118e740f2f98ef370b4d197b19027987c9f54f8c
  SHA256: be25c9f128e145f07a2407583c91a95b448fdbed7b065f10a0dce8944d30f26e
  SHA512: 95848bdfbd7fd63b416fc3e31a085f080470b73f8f87ea36d373b01f0e39033faad64ff4ee474fb9f200d0aa0a188479bb122a467de3905dc583b9504702a784
- Filesize: 9KB
  MD5: d7e1eb20ded2b8446ce759e6521ca7be
  SHA1: 3bd47d682f108cc148465ef167e9c1b13e25c4ab
  SHA256: 0bd03d8ba6df5b0e7b66aa133a19503e10311fc35c856d0345897e5c53b52292
  SHA512: 5ddec017bbe4786af8c4544a9dd14248c056a061c0efd12acd22a965b573fb27bef70512bbc6b757ad0ad227601bb916b2c23aba5fa06a1404ec259d61802dc8
- Filesize: 92KB
  MD5: d5c77bddec380cd02bb2caef00dd4aa0
  SHA1: c567630b2bad8810c409d4115c093bf0f6ded855
  SHA256: 152167cd86a806f55d04d922e5058ccc106a9d7ca566c80739917ce1c387110b
  SHA512: 7d1f94a6bfb9d8eb89bacc3d8160adc73a2ac79a129f112ba33d291f54f21b957ca1500c16217c0677fdec42afd3f2b99cbc6dd6e38fdf1c51c2843fbbf5e857