Analysis
max time kernel: 27s
max time network: 17s
platform: windows10-2004_x64
resource: win10v2004-20240709-es
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-es, locale:es-es, os:windows10-2004-x64, system, windows
submitted: 23/07/2024, 22:52
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.interfactura.com/EmailTracking/redireccionador/a.aspx?IDEnvio=b8773e7b-11dc-46e7-8077-acb9a6019a34&IDLiga=57081ca4-7615-4ffa-98ca-22867a624408&IDReceptor=773d66f3-19bc-47f9-8112-a52a8e7ed1bd&IDValorURL=https://buzon3.interfactura.com/Muguerza/Generador.aspx?oCkY/a7I85wSjM7T6tLlqNc8kMTTvx9MSsGzo/zEgeM=
Resource: win10v2004-20240709-es
General
Target: https://www.interfactura.com/EmailTracking/redireccionador/a.aspx?IDEnvio=b8773e7b-11dc-46e7-8077-acb9a6019a34&IDLiga=57081ca4-7615-4ffa-98ca-22867a624408&IDReceptor=773d66f3-19bc-47f9-8112-a52a8e7ed1bd&IDValorURL=https://buzon3.interfactura.com/Muguerza/Generador.aspx?oCkY/a7I85wSjM7T6tLlqNc8kMTTvx9MSsGzo/zEgeM=
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                          Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662487922800558"  chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
3520  chrome.exe
3520  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
pid   Process
3520  chrome.exe   (all 5 entries are this row)

Suspicious use of AdjustPrivilegeToken (54 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        3520  chrome.exe
Token: SeCreatePagefilePrivilege  3520  chrome.exe
(the two rows above alternate for all 54 entries)

Suspicious use of FindShellTrayWindow (35 IoCs)
pid   Process
3520  chrome.exe   (all 35 entries are this row)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
3520  chrome.exe   (all 24 entries are this row)

Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 3520 wrote to memory of 2692  3520  chrome.exe  85
PID 3520 wrote to memory of 3556  3520  chrome.exe  86
PID 3520 wrote to memory of 4628  3520  chrome.exe  87
PID 3520 wrote to memory of 2836  3520  chrome.exe  88
(64 entries in total, each one of the four rows above; the 2692 and 4628 rows occur twice each, the remaining entries are the 3556 and 2836 rows)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 1, PID 3520)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.interfactura.com/EmailTracking/redireccionador/a.aspx?IDEnvio=b8773e7b-11dc-46e7-8077-acb9a6019a34&IDLiga=57081ca4-7615-4ffa-98ca-22867a624408&IDReceptor=773d66f3-19bc-47f9-8112-a52a8e7ed1bd&IDValorURL=https://buzon3.interfactura.com/Muguerza/Generador.aspx?oCkY/a7I85wSjM7T6tLlqNc8kMTTvx9MSsGzo/zEgeM=
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 2692)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcae46cc40,0x7ffcae46cc4c,0x7ffcae46cc58

C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 3556)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,3311088065393253707,14236125469301478912,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1896 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 4628)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,3311088065393253707,14236125469301478912,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 2836)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,3311088065393253707,14236125469301478912,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2388 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 3100)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,3311088065393253707,14236125469301478912,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 2120)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,3311088065393253707,14236125469301478912,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 4264)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,3311088065393253707,14236125469301478912,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4792 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 1664)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4084,i,3311088065393253707,14236125469301478912,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4756 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 2840)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5072,i,3311088065393253707,14236125469301478912,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3840 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 3848)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5220,i,3311088065393253707,14236125469301478912,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5232 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 3868)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5184,i,3311088065393253707,14236125469301478912,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe  (depth 1, PID 4660)
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Windows\system32\svchost.exe  (depth 1, PID 4308)
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads