Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/08/2024, 04:32
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://r4.res.office365.com
Resource: win10v2004-20240802-en
General
Target: https://r4.res.office365.com
Malware Config
Signatures

Drops file in System32 directory (2 IoCs)
description   ioc   Process
File created  C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF  chrome.exe
File created  \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF  chrome.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description      ioc   Process
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673923742452732"  chrome.exe
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid   Process
4364  chrome.exe
4364  chrome.exe
4756  chrome.exe
4756  chrome.exe
4756  chrome.exe
4756  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process
4364  chrome.exe
4364  chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe
Token: SeShutdownPrivilege        4364  chrome.exe
Token: SeCreatePagefilePrivilege  4364  chrome.exe

Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe
4364  chrome.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid   Process     procid_target
PID 4364 wrote to memory of 1916   4364  chrome.exe  83
PID 4364 wrote to memory of 1916   4364  chrome.exe  83
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 4508   4364  chrome.exe  84
PID 4364 wrote to memory of 3044   4364  chrome.exe  85
PID 4364 wrote to memory of 3044   4364  chrome.exe  85
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
PID 4364 wrote to memory of 4552   4364  chrome.exe  86
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4364)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://r4.res.office365.com
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1916)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbf521cc40,0x7ffbf521cc4c,0x7ffbf521cc58

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4508)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,14621947330504671071,8020461669271415335,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1872 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3044)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,14621947330504671071,8020461669271415335,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2188 /prefetch:3

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4552)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,14621947330504671071,8020461669271415335,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2248 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2032)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,14621947330504671071,8020461669271415335,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2824)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,14621947330504671071,8020461669271415335,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3212 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4596)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4552,i,14621947330504671071,8020461669271415335,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4612 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4756)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4292,i,14621947330504671071,8020461669271415335,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:8
        - Drops file in System32 directory
        - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 4476)
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 4084)
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads