Analysis
  max time kernel:   69s
  max time network:  70s
  platform:          windows10-2004_x64
  resource:          win10v2004-20240802-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         07/08/2024, 12:43 (7 August 2024)
  Static task:      static1
  URLScan task:     urlscan1
  Behavioral task:  behavioral1
    Sample:    http://ns.useplus.org/ldf/xmp/1.0/
    Resource:  win10v2004-20240802-en
General
  Target:          http://ns.useplus.org/ldf/xmp/1.0/
  Malware Config:  (empty)
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                          process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675082092360007"   chrome.exe
  S-1-5-19 is the LOCAL SERVICE account. TraceTimeLast is a Windows FILETIME; 133675082092360007 decodes to 2024-08-07 12:43:29 UTC, the time of this run.

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   process
  4804  chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid   process
  4804  chrome.exe  (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   process
  Token: SeShutdownPrivilege        4804  chrome.exe  (32 entries)
  Token: SeCreatePagefilePrivilege  4804  chrome.exe  (32 entries)
  The 64 entries alternate SeShutdownPrivilege / SeCreatePagefilePrivilege, all from the browser process (PID 4804).

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   process
  4804  chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  4804  chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target  entries
  PID 4804 wrote to memory of 1656  4804  chrome.exe  83             2
  PID 4804 wrote to memory of 1128  4804  chrome.exe  85             30
  PID 4804 wrote to memory of 2852  4804  chrome.exe  86             2
  PID 4804 wrote to memory of 5092  4804  chrome.exe  87             30
  All 64 writes are from the browser process (PID 4804) into its own child processes (crashpad handler 1656, gpu-process 1128, network service 2852, storage service 5092; see Processes below). No write targets a process outside the Chrome tree.
Processes

- PID 4804  C:\Program Files\Google\Chrome\Application\chrome.exe  (top-level; the sandbox's own launch of the submitted URL, with update and background networking disabled)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://ns.useplus.org/ldf/xmp/1.0/
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:
  - PID 1656  chrome.exe (crashpad-handler)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa8fa3cc40,0x7ffa8fa3cc4c,0x7ffa8fa3cc58
  - PID 1128  chrome.exe (gpu-process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,16779337982848450492,13689361834589732846,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1936 /prefetch:2
  - PID 2852  chrome.exe (utility: network.mojom.NetworkService, --service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,16779337982848450492,13689361834589732846,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2052 /prefetch:3
  - PID 5092  chrome.exe (utility: storage.mojom.StorageService, --service-sandbox-type=service)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,16779337982848450492,13689361834589732846,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2596 /prefetch:8
  - PID 2980  chrome.exe (renderer, client-id 6)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3032,i,16779337982848450492,13689361834589732846,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3060 /prefetch:1
  - PID 4892  chrome.exe (renderer, client-id 5)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3036,i,16779337982848450492,13689361834589732846,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3284 /prefetch:1
  - PID 2640  chrome.exe (renderer, client-id 7)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3012,i,16779337982848450492,13689361834589732846,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1588 /prefetch:1
  - PID 4608  chrome.exe (utility: chrome.mojom.ProcessorMetrics, --service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4364,i,16779337982848450492,13689361834589732846,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4764 /prefetch:8

- PID 3532  C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe  (top-level)
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

- PID 984  C:\Windows\system32\svchost.exe  (top-level)
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

Every process that carries a signature is chrome.exe from the Program Files install directory; the only non-Chrome process is the NgcSvc svchost, which has no signatures attached.
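Reading the signatures against the process tree, every "suspicious" entry is attributed to the browser process (PID 4804), and all WriteProcessMemory targets are chrome.exe children of that process, which is how Chrome bootstraps its sandboxed helper processes. The Python below is an added triage helper written for this page; it is not tria.ge's code and not Chrome's. It parses WriteProcessMemory IoC lines in the report's own format, labels each write as a write into an own child versus a cross-process write, decodes the TraceTimeLast FILETIME from the HKEY_USERS signature, and checks whether the 2-byte download has the hashes of the two bytes `[]`. The process table and the four IoC lines are transcribed from this report; the write into PID 984 is constructed for contrast and does not appear in the report.

```python
"""Triage helpers for the tria.ge report above (added example, not tria.ge's code)."""
import hashlib
import re
from collections import namedtuple
from datetime import datetime, timedelta, timezone

Proc = namedtuple("Proc", "parent image kind")

# Process tree transcribed from the Processes section: pid -> (parent pid, image, role).
# Top-level entries (no parent shown in the report) get parent None.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
PROCESSES = {
    4804: Proc(None, CHROME, "browser"),
    1656: Proc(4804, CHROME, "crashpad-handler"),
    1128: Proc(4804, CHROME, "gpu-process"),
    2852: Proc(4804, CHROME, "utility:network.mojom.NetworkService"),
    5092: Proc(4804, CHROME, "utility:storage.mojom.StorageService"),
    2980: Proc(4804, CHROME, "renderer"),
    4892: Proc(4804, CHROME, "renderer"),
    2640: Proc(4804, CHROME, "renderer"),
    4608: Proc(4804, CHROME, "utility:chrome.mojom.ProcessorMetrics"),
    3532: Proc(None, r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe", "elevation_service"),
    984: Proc(None, r"C:\Windows\system32\svchost.exe", "NgcSvc"),
}

# WriteProcessMemory IoC lines in the report's format, one representative per target
# (the report repeats each line 2 to 30 times).
REPORT_WPM = """\
PID 4804 wrote to memory of 1656 4804 chrome.exe 83
PID 4804 wrote to memory of 1128 4804 chrome.exe 85
PID 4804 wrote to memory of 2852 4804 chrome.exe 86
PID 4804 wrote to memory of 5092 4804 chrome.exe 87
"""
# CONSTRUCTED line, not in the report: what a write into a foreign process would look like.
CONSTRUCTED_WPM = "PID 4804 wrote to memory of 984 4804 chrome.exe 99\n"

# description column: "PID <writer> wrote to memory of <target>", then pid, process, procid_target
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text):
    """Return (writer pid, target pid) pairs from tria.ge WriteProcessMemory IoC lines."""
    pairs = []
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if m:
            pairs.append((int(m.group(1)), int(m.group(2))))
    return pairs


def triage_writes(pairs, processes):
    """Label each write. A parent writing into a child that runs the same image is the
    normal browser/helper bootstrap; any other target deserves a closer look."""
    verdicts = {}
    for src, dst in pairs:
        s, d = processes.get(src), processes.get(dst)
        if s is None or d is None:
            verdicts[(src, dst)] = "unknown process"
        elif d.parent == src and d.image.lower() == s.image.lower():
            verdicts[(src, dst)] = "own child (%s)" % d.kind
        else:
            target_name = d.image.rsplit("\\", 1)[-1]
            verdicts[(src, dst)] = "cross-process write into %s" % target_name
    return verdicts


def filetime_to_utc(ft):
    """Decode a Windows FILETIME (100 ns ticks since 1601-01-01 UTC), e.g. TraceTimeLast."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def is_empty_json_array(size, md5_hex, sha256_hex):
    """True if a download's size and hashes are exactly those of the two bytes b'[]'."""
    body = b"[]"
    return (size == len(body)
            and hashlib.md5(body).hexdigest() == md5_hex.lower()
            and hashlib.sha256(body).hexdigest() == sha256_hex.lower())


if __name__ == "__main__":
    for pair, verdict in triage_writes(parse_wpm(REPORT_WPM + CONSTRUCTED_WPM), PROCESSES).items():
        print(pair, verdict)
    print("TraceTimeLast =", filetime_to_utc(133675082092360007).isoformat(timespec="seconds"))
    print("2B download is '[]':", is_empty_json_array(
        2, "d751713988987e9331980363e24189ce",
        "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"))
```

The verdict rule is deliberately narrow: same image path and a direct parent/child relationship. A chrome.exe writing into a renderer it spawned is expected; a chrome.exe writing into an unrelated process, or a process that merely has "chrome" in its name but lives outside the install directory, falls through to the review branch. The FILETIME check ties the registry write to the run itself (it decodes to the submission time), which is what you would expect from telemetry bookkeeping rather than persistence.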
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize  2B
  MD5       d751713988987e9331980363e24189ce
  SHA1      97d170e1550eee4afc0af065b78cda302a97674c
  SHA256    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

- Filesize  8KB
  MD5       36d1aa49f86bfe369cef85fbae76ec2e
  SHA1      0e77923c9da2beb1a6278d581052184e69194125
  SHA256    42ee3ec972cc37c0ef72e817965f54e8a155c1c4a2e11e22a20521f11f4a0e36
  SHA512    5e849fa9ad0827b50a1074196ee44b5af7bab9216d33bc60bc292d6eba5d92d0a99060dd749f6b66d3d8d42d8046406620dc1118393849089ffffb4ad4d7cc28

- Filesize  8KB
  MD5       1db52c55f22d146eec2edb07d9325544
  SHA1      488734a7772b4591004cb78c82719a16d46d1e90
  SHA256    0d93b34ecf3f861f931d978ca6d834bb5030f48e0d67efae80348df7c89dbeab
  SHA512    1b6bc117155eabc58ee2f677da3a07c850188d2ae150e42a5e8193c496e1640c45ddb1982e7f583d65fcc45f50881cbfef5e498f4cb64ec8198f5346c7d7cf50

- Filesize  8KB
  MD5       fddadc9645527322a50b688c2020afdc
  SHA1      38d5ee7c25a23a6adc980a5327e91cf4348afa25
  SHA256    9372c6c0ccf957da2b2020b26a2989d7afae9bc2db685a0a8c698f98a26a3a0e
  SHA512    a94ea85b3b7d96383b49b2e8ac4959ed4fe7002db6ed83a95d092ea3276aacab034182b9b56713c77121f4d3ab398a906f1fa94fe34dd65a801830a66f0f5c7f

- Filesize  8KB
  MD5       6da796627a9f6c22ede86ea30d2d7660
  SHA1      a21dcedb2d704946483d7a535901c17cb8205344
  SHA256    5282a265c7f5c0e23e49acad4b0b87b619b50d3775d10b003822cb9380b43a49
  SHA512    1138be99fa3aee45fec2c50e872638f0b7452f8cc59ad5e1b0f85fe85d01090e0d9d18d237f95b23dc17230b371a3e4e6fadc1ae6790a18d198343b6de161346

- Filesize  99KB
  MD5       dc265739ab9c0af54b3942b3b4d65c7c
  SHA1      80b3e41a6e54a43fbec379c9ab6df41d7b0df49d
  SHA256    335b18a4e7979f1e57ce35f0760629f8753ee1cbba0527b89a1869472ae9968b
  SHA512    88c7bb784929ed062509a14708afdd021440c6a36cc21eedd05e80d7f168bb9a15c00df490269fff80a89e0e46a468e01b473b60f02effa264aa6a3cf3857ba7

- Filesize  99KB
  MD5       c6dc81f3940cefeb524ec9fc1ad10fbd
  SHA1      884672b8162e206eacf27dca4cec6f0c59b458fe
  SHA256    398390da0d92aa68996ec927cba1fc4015d3bc63540a6a548a93d42d2af2024e
  SHA512    83fda78b0049c872f5b1fed3edff857a28f646db2f807a2f226b470314717a600ffe84acb22591a45ea5e6581332a1f3109e56b01c9bf2537dc7400935137cd4