Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/07/2024, 07:40
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://static.s3.shahid.mbc.net/newsletter/header.jpg
Resource: win10v2004-20240709-en
General
Target: http://static.s3.shahid.mbc.net/newsletter/header.jpg
Malware Config
Signatures
Drops file in System32 directory (2 IoCs)
description | ioc | Process
File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | chrome.exe
File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | chrome.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133655892446526303" | chrome.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid | Process
5032 | chrome.exe
5032 | chrome.exe
3116 | chrome.exe
3116 | chrome.exe
3116 | chrome.exe
3116 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
5032 | chrome.exe
5032 | chrome.exe
5032 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 5032 | chrome.exe
Token: SeCreatePagefilePrivilege | 5032 | chrome.exe
(these two rows alternate, in this order, for all 64 entries: 32 of each)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
5032 | chrome.exe
(all 26 rows are identical)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
5032 | chrome.exe
(all 24 rows are identical)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 5032 wrote to memory of 3476 | 5032 | chrome.exe | 83
PID 5032 wrote to memory of 5020 | 5032 | chrome.exe | 85
PID 5032 wrote to memory of 3040 | 5032 | chrome.exe | 86
PID 5032 wrote to memory of 668 | 5032 | chrome.exe | 87
(the 64 rows appear in this order: 2 writes to 3476, a run of writes to 5020, 2 writes to 3040, then a run of writes to 668; the two runs account for the remaining 60 rows)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5032)
  command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://static.s3.shahid.mbc.net/newsletter/header.jpg
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3476, child of 5032)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa21e3cc40,0x7ffa21e3cc4c,0x7ffa21e3cc58

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5020, child of 5032)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,1384237369036058123,11930738012828757887,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1920 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3040, child of 5032)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,1384237369036058123,11930738012828757887,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2192 /prefetch:3

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 668, child of 5032)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,1384237369036058123,11930738012828757887,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2408 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4152, child of 5032)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,1384237369036058123,11930738012828757887,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3064 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1724, child of 5032)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,1384237369036058123,11930738012828757887,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3104 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3292, child of 5032)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3740,i,1384237369036058123,11930738012828757887,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4444 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2856, child of 5032)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3756,i,1384237369036058123,11930738012828757887,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4668 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3116, child of 5032)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3296,i,1384237369036058123,11930738012828757887,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4688 /prefetch:8
      - Drops file in System32 directory
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe (PID 1532)
  command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 2580)
  command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 1KB
MD5: 8941b2e8341057f798119743478244d8
SHA1: 1242ebd5acc70d5d83e641511f44cdb58d353722
SHA256: 2ee70d41e78cf3ee3d8ab945f53da954802e1d9a6bfe11a46b1c69f85da8ba6f
SHA512: 5ca66418ffffa51b69d310e657d9d57d0e429bdfc4be44b9c6770342238d5c0cf399148d330c346c5b72308d50eae3df1e306b67cbf4ab945495dbac6832914d

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 8KB
MD5: ad95682cae9ab6ee3a150c83508934d9
SHA1: 945c6e2611d734a0e801a607b011665ae416f0ab
SHA256: 68d165b671b621c69b5d2bf7a86a25ea5a5cc5c64274cec0616a65605bb20251
SHA512: d54106064ec0de0c14f3722b5d9dbcbeb8c60d8ebf46f7e51e027be5c674101210496ec4b8940133100406c45fdc3fc965df0877426275f45b138502fa896a9b

Filesize: 8KB
MD5: 4544cec70a38c8d913a28e7edc59ef2e
SHA1: 1151c18a247dc19f09b337f3829a15a423be1aad
SHA256: 91377adf3a8b6fe5701a01cf5a5a9fbf252f18ab056afe3bf93b0fd2ddc6e1c0
SHA512: aa81311b520567b7368bb95d6909a90c57a945e7c08a1b15255fc0a5f08a9b2888e36287d01c46d1b0e4018c0b073af8d7105b2a04fb77551f3e85cc98529bda

Filesize: 8KB
MD5: 38cb76d0b9f2c6cd565091f39e9f369b
SHA1: acf5641138d54bb05816d7dd5cc0e2fbc42108fe
SHA256: 5fb673cdcd5d041bfe029fe04fbd2d24d6d810fb2c748ce8614e493a2e5062ef
SHA512: 89eadfebc7f99e9c39e0544a7dfea5a3fd27339297f72a25598537a4327267199633307a37b9d1c7834ae4791f51e810e81971a75090ede1ac841e6371cc7c63

Filesize: 9KB
MD5: 792fd434d75bd6301ff1e719f3998c56
SHA1: 023fb7c697dd6e74ce8a4377f4ac2c9dec5b881b
SHA256: 678714c70c831e6a59ecb45529e4d28964684b4e520e8bacffcd82741d4f799a
SHA512: 3cd6001124c98cd218e8558125f8b1be229eb3b62e725d901523a00465ba30c69f6314d435348ba80cb625119c62273b2e98b860ea6c25f2472b1c74e8e676db

Filesize: 9KB
MD5: 5dfe83820263fd2c4d1162b758be2a44
SHA1: 2c83b62a0a24b6fe38c38d35bda536323a227dc8
SHA256: cc462d0fe3ff7c244f05ebffab672007bba785027d30849bf49f52cd5d7e1f53
SHA512: e6eea8fb41c72c24ddf71063df1e3d5b730d61b2016d68bde3b98947cf7465ee06b73978cd89c7174fb949329bca1d4b8d79ed811f40fda1bbd220a2eca6b5e3

Filesize: 9KB
MD5: cc3b3dda2d7585aa9c8f057120e87224
SHA1: 6128983521230420e8f3c2afe3faacf260beb4a6
SHA256: b41a1782d7d64fd6ab27a56d8c47e39333b9d1fc5bff807e58250671022c4f06
SHA512: 2391631e23a0267adabcb952fd95338f1325eba630d87a1ee8877ba54c83e574190e7bf03d5bd9f220c27d4347b1b527f0765d9ead25a853b53d606afd8399d2

Filesize: 9KB
MD5: aa75291bbc27feec3da9f625a5387ec5
SHA1: 22bb45807cd844f11b8ca2b244f80280740634c1
SHA256: c6dcab56b59be7bd10bf0e508bf85c2c49f7a88cda4f0e38bc2e602dc2c9ae26
SHA512: ae74536ba28454b3340460600acdfbc42eb3051de90b2f52f64ce89888a40c81a1842faa6a4f1166eccb7c58213c1fb0289bbdc8ea8cc04cbe549815d3bcaa78

Filesize: 92KB
MD5: 6788339b89fab54fcfe5e800921a5503
SHA1: e0b2c0ce52acb5cb6ee356aad8655077a8dae6de
SHA256: cb1a3a54c8b50d2e9e77a2333bc602b88ffec390c8233ebf2fe38b0bcd788756
SHA512: 797d4b4b01d50311bcf558b38badbacb112565a8e2f3f3a70954987209b7880773ea56fa95731813696897da735da232c188fcf7d83d80998e528a50e7088b39

Filesize: 92KB
MD5: 81aa47a2a3a9dab39224367325c360bf
SHA1: cdbc294d8bf846779e84597871cb071e74113b87
SHA256: 4cd00941bf274d350dd34c8ab0b5b45260c7b3d0526ba84bb16bb1bd31217465
SHA512: b0d2eb3d16bbec1f041eec07145881da3f807a142b14074028f2323b02de2a708427c521a7e4008caf129f4f9c04c16dfef4cf25b8035bf5d2a3f23c09a9a6e4