Analysis

max time kernel:  149s
max time network: 146s
platform:         windows10-2004_x64
resource:         win10v2004-20240709-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted:        22/07/2024, 08:25
Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1
Sample:           http://agenziaentrateonline.it
Resource:         win10v2004-20240709-en
General

Target: http://agenziaentrateonline.it
Malware Config
Signatures

Drops file in System32 directory (2 IoCs)
    description   ioc                                                                                               Process
    File created  C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF      chrome.exe
    File created  \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF  chrome.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
    description        ioc                                                                    Process
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
    description      ioc                                                                                                  Process
    Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661103363976238"  chrome.exe
    Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
    pid   Process
    4600  chrome.exe  (2 entries)
    3960  chrome.exe  (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
    pid   Process
    4600  chrome.exe  (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
    description                       pid   Process
    Token: SeShutdownPrivilege        4600  chrome.exe
    Token: SeCreatePagefilePrivilege  4600  chrome.exe
    (the 64 entries alternate between these two tokens, all from PID 4600 chrome.exe)

Suspicious use of FindShellTrayWindow (26 IoCs)
    pid   Process
    4600  chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
    pid   Process
    4600  chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
    description                       pid   Process     procid_target
    PID 4600 wrote to memory of 3776  4600  chrome.exe  84  (2 entries)
    PID 4600 wrote to memory of 3712  4600  chrome.exe  85  (repeated)
    PID 4600 wrote to memory of 1732  4600  chrome.exe  86  (2 entries)
    PID 4600 wrote to memory of 4044  4600  chrome.exe  87  (repeated)
    (64 entries in total; the repeated writes to 3712 and 4044 account for the remaining 60)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4600)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://agenziaentrateonline.it
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3776)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0x80,0x104,0x7ffef548cc40,0x7ffef548cc4c,0x7ffef548cc58

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3712)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,10769704127378526255,15416585073912302458,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2012 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1732)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1776,i,10769704127378526255,15416585073912302458,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2052 /prefetch:3

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4044)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,10769704127378526255,15416585073912302458,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2284 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4956)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,10769704127378526255,15416585073912302458,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3048 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1224)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3052,i,10769704127378526255,15416585073912302458,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3092 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3456)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,10769704127378526255,15416585073912302458,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4860 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3960)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1044,i,10769704127378526255,15416585073912302458,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=960 /prefetch:8
        - Drops file in System32 directory
        - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe  (PID 3260)
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Windows\system32\svchost.exe  (PID 3012)
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
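Every WriteProcessMemory IoC in this report has chrome.exe (PID 4600, the browser process) as the writer and one of its own chrome.exe children (3776, 3712, 1732, 4044) as the target, which is the parent-into-child pattern the signature fires on whenever a multi-process browser starts up. The helper below is an added example, not part of the tria.ge report or its tooling: it parses rows in the flattened form shown under "Suspicious use of WriteProcessMemory", rebuilds the parent/child links from the Processes tree above, and only keeps for human review a write whose target is not a same-image child of the writer. The sample rows are the report's four distinct rows plus one constructed row (a write into the NgcSvc svchost, PID 3012) that is not in the report and is there only to show what a hit looks like.

```python
"""Triage helper for tria.ge 'Suspicious use of WriteProcessMemory' rows.

Added example for this report; not tria.ge code. The idea: a write from a
parent into a child process it spawned with the same image name is expected
browser start-up behaviour, a write into any other process deserves a look.
"""
import re
from collections import Counter

# One flattened row: "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# Process tree from the report's Processes section: pid -> (image, parent pid).
# Parent links follow the nesting shown there; top-level processes have parent None.
PROCESSES = {
    4600: ("chrome.exe", None),
    3776: ("chrome.exe", 4600),
    3712: ("chrome.exe", 4600),
    1732: ("chrome.exe", 4600),
    4044: ("chrome.exe", 4600),
    4956: ("chrome.exe", 4600),
    1224: ("chrome.exe", 4600),
    3456: ("chrome.exe", 4600),
    3960: ("chrome.exe", 4600),
    3260: ("elevation_service.exe", None),
    3012: ("svchost.exe", None),
}

# The report's four distinct rows (first one twice, as in the report) plus one
# CONSTRUCTED row that is not in the report: chrome.exe writing into svchost 3012.
SAMPLE_ROWS = " ".join([
    "PID 4600 wrote to memory of 3776 4600 chrome.exe 84",
    "PID 4600 wrote to memory of 3776 4600 chrome.exe 84",
    "PID 4600 wrote to memory of 3712 4600 chrome.exe 85",
    "PID 4600 wrote to memory of 1732 4600 chrome.exe 86",
    "PID 4600 wrote to memory of 4044 4600 chrome.exe 87",
    "PID 4600 wrote to memory of 3012 4600 chrome.exe 99",  # constructed
])


def parse_rows(raw):
    """Yield (src_pid, dst_pid, image) for every row found in the flattened text."""
    for m in ROW_RE.finditer(raw):
        src, dst, src_col, image, _procid_target = m.groups()
        if src != src_col:
            raise ValueError(f"pid column {src_col} disagrees with description pid {src}")
        yield int(src), int(dst), image


def classify(src, dst, image, processes=PROCESSES):
    """'expected' if dst is a direct child of src with the same image, else 'review'."""
    dst_image, dst_parent = processes.get(dst, (None, None))
    if dst_parent == src and dst_image == image:
        return "expected"
    return "review"


def triage(raw, processes=PROCESSES):
    """Count each distinct (src, dst, verdict) and collect the rows needing a human."""
    counts = Counter()
    review = []
    for src, dst, image in parse_rows(raw):
        verdict = classify(src, dst, image, processes)
        counts[(src, dst, verdict)] += 1
        if verdict == "review":
            dst_image = processes.get(dst, ("<unknown>", None))[0]
            review.append((src, dst, image, dst_image))
    return counts, review


if __name__ == "__main__":
    counts, review = triage(SAMPLE_ROWS)
    for (src, dst, verdict), n in sorted(counts.items()):
        print(f"{src} -> {dst}: {verdict} x{n}")
    for src, dst, image, dst_image in review:
        print(f"REVIEW: {image} ({src}) wrote into {dst_image} ({dst})")
```

Run against the real 64 rows the collapsed output is four "expected" lines and an empty review list; only the constructed svchost row lands in review. The check is deliberately strict about image name as well as parentage, so a browser process writing into a child it spawned under a different image (a dropped payload, for instance) would still be surfaced.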
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 92KB
MD5:      2fb6e1f08579c78ce6d739f9b77b9aab
SHA1:     bad7fbae177803afc8c4a3030302430b7f1b5cf8
SHA256:   93a0749b29b35f3530117a5644a493fc86c922cb8e962cffa89bb32d9560d10d
SHA512:   15b80ee92bf4f3ba56d4d3fda93d2c85c4390ed5100e41a41075f85fdbe0d5a58c6b250e3004d7c158712311e4bab39ade30bee9245fcd207e316efe27098d10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9140caaf-2f6a-478c-8d31-bbc694b9f5b7.tmp
Filesize: 9KB
MD5:      9c43217d5990ec4b958338aa70ccd37f
SHA1:     645a8ff2870d0940e0daa65fb8206a19b8e6f267
SHA256:   72c7feede29d0262519fcd0526e305c1f83cfc5e0e56ba23d521790ef57b0a0f
SHA512:   e38e5df79722922c2e0c5170e35c5de2ba7cde8e0d14e8ca101192326fd5ab12f5eaf2a671aeb90528a3f55fa7702cdacc85d0686410b282bb22c3ccfb25b6ca

Filesize: 649B
MD5:      7a34571b69ec209d93ba791f69b58e38
SHA1:     5a690dc98b10d3bb131c283107bbcb781746c951
SHA256:   c998084080f029a2ad6e6c42f2009038a17a589a178481e34a6270b144994e0a
SHA512:   c5f350dcbd41eed47be26c1571bfe252f2b5a34fb41051d0bcab9b0efbfbb2ab097f7fe3261d047affd53daf1c1f2742bb7311e19eceac2d7800bad6bdd4a1b3

Filesize: 2B
MD5:      d751713988987e9331980363e24189ce
SHA1:     97d170e1550eee4afc0af065b78cda302a97674c
SHA256:   4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512:   b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 9KB
MD5:      29ca9b20416759156e515a37b0104efd
SHA1:     75c62721c85daee3ced8648a7524e535a4a7d8f4
SHA256:   80afa0a67562f3b2eb461e586a0efc301341e0e0f1509f7e17110854cb9fee02
SHA512:   c1a532845d3b98a8b880f14f9f75e25a4c01a1dd96d1c9fb69803fee617b079897cff3add4731f6c7ff2ea9d61a67da2609d2de0c5cd42c8902688a7994849e2

Filesize: 9KB
MD5:      1d31ae5c2ba225280e88d1cbf60990bc
SHA1:     14ca348cf339a57a6c20f6dc4f78901a485685ae
SHA256:   806ec999f51773c37786d96b7f6eb9d853e86a9c172e94ebd53aac81f6b1d8d0
SHA512:   5bb689a51c4157b373eb7eaada864454a3c87356409b0811e4b92ebb7219f985e7bf83db5d3219f1550a9026fa05f7f5ddb999764e5613be7171fd0137ec8435

Filesize: 9KB
MD5:      854fcde43ad30848283cee92c8ffd28b
SHA1:     c2145198ef58aeaa6fa25083dccb5a00b9625a84
SHA256:   2d03baebce5f2720254f0fdccaeabd141bf9e3d75f39ff5fb71bcad912e2430b
SHA512:   4c802fd194d234c20dd5fc07c64b4c3428c5ec2d6c3f9ea841e46f31d013a2f6311deefa9b7d4a41585b53b36d5142b4e617cfe6d547695a69821a4a65721091

Filesize: 9KB
MD5:      3b8b189ccbcd990d1a86857a82c6495b
SHA1:     93410c980ebb9278f4d616ed83925a464111b7dd
SHA256:   008a7f778584bf7a5b9fe045666629c37a682d813368597fc5dec3bb608b0034
SHA512:   d52d11aada297a83b270f7cdf700910bbc3cdc708d54706aca50ecc28a0f1172ea8fdda519e96ea35ed466416cbc4b117687af7b1205a044b089c6ef7eb258c4

Filesize: 9KB
MD5:      c3f1081f084a877eb921ad10a3168472
SHA1:     e48e2fe08be819736be9081f0f0ed7233cf7164a
SHA256:   8ac58b910e064e43f3059799dec0c858ec81e9879afa5ff1f056dd52a9fe7962
SHA512:   80073d4af198fe4336a154f5726d89264a3f23182e99ed27b0bf6150ec6bd9a32c13c35d886a989f876a3835b4f2216c37c533ef0d5ee6fa544d1d78686913f0

Filesize: 9KB
MD5:      e38bd64bd4cf00e5e12d53f74a7633f9
SHA1:     1c090b26576e284eed475400cb578e42391362de
SHA256:   c773813ab64e5f02bf44a4c39392f4509dfe8850fbf3671dbb080e1d4017dba3
SHA512:   f4d35da9b31d19d2d80159ca13b49c33f4181bb62e40b947ad6bd930d4f2b77a7183d46e25b54cbe846675be6a9a88b7aab902faccb23e35ca4b192434c8cde1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a5cfd037-430c-4473-97c3-f76274cac4a5.tmp
Filesize: 9KB
MD5:      424dbb845cc1db03e6c13ea55933c180
SHA1:     a74a55a70fa844ee89e589a34119a213efd57a9f
SHA256:   f75d0125da3ac4d7f324975c82b408928f833a07a3153291698078fda9e9b853
SHA512:   4ddc194470ed2c0841b4b375439e8b591a561a4e458f5b3c3fef273b78f6bb71d74b9319e2a529fab1fc02873ca36b0ca10a3351f333d3fd252ca1a27792854e

Filesize: 92KB
MD5:      beb4de3faf7205fa80f4e2a8629edc97
SHA1:     8db878874a5f66f51f6b046c70eb32d0d6dbb868
SHA256:   b29f4e68e54f411acb4acb654d8175589440eb9fb337dca27d853906895a650f
SHA512:   7c739d2f048da885fbf81d67c9e4f16ca2f5d32b00e41b83fba61cb4c357f9f43a220617afcaf949c71d288e688247864a41747f0ebaf7b5c47f1d136515c88b
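Most of the dropped files above are small Chrome profile artefacts with no path shown, and the 2-byte one can be identified from its hashes alone without downloading it. The script below is an added example, not part of the tria.ge report: it hashes a short list of constructed candidate contents (empty file, empty JSON array, empty JSON object) locally and matches every hash the report gives for an entry, plus the byte size when the report states it in plain bytes, so a single-algorithm collision cannot produce a false match. The two report entries embedded in it are copied from the Downloads section; the candidate list and the function names are this example's own.

```python
"""Identify tiny dropped files from the hashes in a tria.ge Downloads section.

Added example for this report; not tria.ge code. Hash well-known trivial
contents locally and require every hash the report lists to agree.
"""
import hashlib

ALGS = ("md5", "sha1", "sha256", "sha512")

# Constructed candidate contents for very small profile files.
CANDIDATES = {
    "empty file": b"",
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
    "empty JSON array with newline": b"[]\n",
}

# Two entries copied from the report's Downloads section (md5/sha1/sha256 only).
REPORT_2B = {
    "size": "2B",
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
}
REPORT_649B = {
    "size": "649B",
    "md5": "7a34571b69ec209d93ba791f69b58e38",
    "sha1": "5a690dc98b10d3bb131c283107bbcb781746c951",
    "sha256": "c998084080f029a2ad6e6c42f2009038a17a589a178481e34a6270b144994e0a",
}


def digests(data):
    """All four digests of `data`, lowercase hex, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def size_bytes(text):
    """Exact byte count from the Filesize column ('2B' -> 2); None for rounded KB/MB values."""
    text = text.strip()
    if text.endswith("B") and text[:-1].isdigit():
        return int(text[:-1])
    return None


def identify(entry, candidates=CANDIDATES):
    """Return the candidate label whose hashes (and exact size, if given) all match, else None."""
    algs = [alg for alg in ALGS if alg in entry]
    if not algs:
        raise ValueError("entry carries no hashes to compare")
    want = size_bytes(entry.get("size", ""))
    for label, data in candidates.items():
        if want is not None and len(data) != want:
            continue  # exact size given and it disagrees, skip before hashing
        d = digests(data)
        if all(entry[alg].lower() == d[alg] for alg in algs):
            return label
    return None


if __name__ == "__main__":
    for name, entry in (("2B entry", REPORT_2B), ("649B entry", REPORT_649B)):
        print(f"{name}: {identify(entry) or 'no match, fetch and inspect'}")
```

A match here only says the file content is that trivial string; it says nothing about the URL itself, which would need the network and URLScan tasks the report page does not expose in this text. Anything that comes back with no match, like the 649-byte and 9KB entries, still has to be pulled from the sandbox and looked at.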