Analysis

max time kernel: 96s
max time network: 96s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/07/2024, 11:56

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://csint.tools
Resource: win10v2004-20240709-en

General

Target: http://csint.tools
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
  pid   Process
  1040  chrome.exe
  1040  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  pid   Process
  1040  chrome.exe
  1040  chrome.exe
  1040  chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1040)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://csint.tools
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1524)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff93aacc40,0x7fff93aacc4c,0x7fff93aacc58
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 464)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,17633219609948565459,9198149017840576767,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1880 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2832)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1740,i,17633219609948565459,9198149017840576767,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2180 /prefetch:3
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 212)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,17633219609948565459,9198149017840576767,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2336 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3868)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,17633219609948565459,9198149017840576767,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3064 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3360)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,17633219609948565459,9198149017840576767,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3096 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2452)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,17633219609948565459,9198149017840576767,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4100 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe (PID 4568)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads