Analysis
max time kernel: 38s
max time network: 40s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/07/2024, 21:14
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://sites.google.com/view/fyiguhdrwt53/p%C3%A1gina-principal
Resource: win10v2004-20240709-en
General
Target: https://sites.google.com/view/fyiguhdrwt53/p%C3%A1gina-principal
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
flow | ioc
3 | sites.google.com
7 | sites.google.com
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664156937961005" | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
1576 | chrome.exe
1576 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
1576 | chrome.exe
1576 | chrome.exe
1576 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
64 entries, all for pid 1576 chrome.exe, alternating between the two rows below:
Token: SeShutdownPrivilege | 1576 | chrome.exe
Token: SeCreatePagefilePrivilege | 1576 | chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
1576 | chrome.exe (26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
1576 | chrome.exe (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 1576 wrote to memory of 2748 | 1576 | chrome.exe | 84
PID 1576 wrote to memory of 3560 | 1576 | chrome.exe | 85
PID 1576 wrote to memory of 1248 | 1576 | chrome.exe | 86
PID 1576 wrote to memory of 5032 | 1576 | chrome.exe | 87
64 entries in total; repeated rows are collapsed to the four distinct target processes above.
Processes

chrome.exe (PID 1576)
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sites.google.com/view/fyiguhdrwt53/p%C3%A1gina-principal
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

  chrome.exe (PID 2748), crashpad handler
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb32c1cc40,0x7ffb32c1cc4c,0x7ffb32c1cc58

  chrome.exe (PID 3560), GPU process
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,5506081847823518116,13234416305380082376,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1868 /prefetch:2

  chrome.exe (PID 1248), network service utility
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,5506081847823518116,13234416305380082376,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2160 /prefetch:3

  chrome.exe (PID 5032), storage service utility
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,5506081847823518116,13234416305380082376,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2424 /prefetch:8

  chrome.exe (PID 1700), renderer
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,5506081847823518116,13234416305380082376,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3132 /prefetch:1

  chrome.exe (PID 2332), renderer
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,5506081847823518116,13234416305380082376,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3268 /prefetch:1

  chrome.exe (PID 1528), processor metrics utility
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4840,i,5506081847823518116,13234416305380082376,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4848 /prefetch:8

  chrome.exe (PID 3688), renderer
    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4004,i,5506081847823518116,13234416305380082376,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4544 /prefetch:1

elevation_service.exe (PID 3540)
  Path: C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

svchost.exe (PID 2100)
  Path: C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads