Analysis
- max time kernel: 39s
- max time network: 41s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23/07/2024, 11:03
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
Sample: https://itibdotnet-my.sharepoint.com/:o:/g/personal/cees_itib_net/Eobh7P_h5wJDhk5hRQRhxUkB9HTWv04IG7kVw95-Ha1vqQ?e=5%3a2kpJMf&at=9
Resource: win10v2004-20240704-en

General
Target: https://itibdotnet-my.sharepoint.com/:o:/g/personal/cees_itib_net/Eobh7P_h5wJDhk5hRQRhxUkB9HTWv04IG7kVw95-Ha1vqQ?e=5%3a2kpJMf&at=9

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662062553023106" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (2 IoCs)
- PID 3684, chrome.exe
- PID 3684, chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
- PID 3684, chrome.exe
- PID 3684, chrome.exe
- PID 3684, chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
The 64 entries alternate between the same two privileges, all from the same process (repeated entries collapsed):
- Token: SeShutdownPrivilege, PID 3684, chrome.exe
- Token: SeCreatePagefilePrivilege, PID 3684, chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 3684, chrome.exe (all 26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
- PID 3684, chrome.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
All 64 entries are writes by PID 3684 chrome.exe into its own child processes (repeated entries collapsed; procid_target is the sandbox's internal id of the target process):
- PID 3684 wrote to memory of 3536, chrome.exe, procid_target 83
- PID 3684 wrote to memory of 660, chrome.exe, procid_target 85
- PID 3684 wrote to memory of 2424, chrome.exe, procid_target 86
- PID 3684 wrote to memory of 2672, chrome.exe, procid_target 87
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3684)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://itibdotnet-my.sharepoint.com/:o:/g/personal/cees_itib_net/Eobh7P_h5wJDhk5hRQRhxUkB9HTWv04IG7kVw95-Ha1vqQ?e=5%3a2kpJMf&at=9
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3536)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6595ab58,0x7ffa6595ab68,0x7ffa6595ab78
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 660)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1904,i,11394920781368816612,2676810237745554639,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2424)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1904,i,11394920781368816612,2676810237745554639,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2672)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1904,i,11394920781368816612,2676810237745554639,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4892)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1904,i,11394920781368816612,2676810237745554639,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1076)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1904,i,11394920781368816612,2676810237745554639,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4652)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1904,i,11394920781368816612,2676810237745554639,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3768)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1904,i,11394920781368816612,2676810237745554639,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2496)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4432 --field-trial-handle=1904,i,11394920781368816612,2676810237745554639,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3496)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2704 --field-trial-handle=1904,i,11394920781368816612,2676810237745554639,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 3352)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads