Analysis
max time kernel: 149s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/08/2024, 00:14
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://fonts.googleapis.com/css?family=Montserrat:300,400,500
Resource: win10v2004-20240802-en
General
Target: https://fonts.googleapis.com/css?family=Montserrat:300,400,500
Malware Config
Signatures
Drops file in System32 directory (2 IoCs)
description   ioc                                                                                                    Process
File created  C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF          chrome.exe
File created  \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF      chrome.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                      Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                          Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133688456613084472"   chrome.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid   Process
2392  chrome.exe
2392  chrome.exe
1580  chrome.exe
1580  chrome.exe
1580  chrome.exe
1580  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process
2392  chrome.exe
2392  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        2392  chrome.exe
Token: SeCreatePagefilePrivilege  2392  chrome.exe
(the two rows above alternate for all 64 entries; every entry is PID 2392 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
2392  chrome.exe
(26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
2392  chrome.exe
(24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 2392 wrote to memory of 4576  2392  chrome.exe  84   (2 entries)
PID 2392 wrote to memory of 1964  2392  chrome.exe  85   (repeated)
PID 2392 wrote to memory of 1616  2392  chrome.exe  86   (2 entries)
PID 2392 wrote to memory of 3648  2392  chrome.exe  87   (repeated)
(64 entries in total, all written by PID 2392 chrome.exe)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe  PID:2392
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://fonts.googleapis.com/css?family=Montserrat:300,400,500
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:4576
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffc868cc40,0x7fffc868cc4c,0x7fffc868cc58

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:1964
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,16388713618106375,9924398385977999634,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:1616
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,16388713618106375,9924398385977999634,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2168 /prefetch:3

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:3648
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,16388713618106375,9924398385977999634,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2424 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:1992
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,16388713618106375,9924398385977999634,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:2528
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,16388713618106375,9924398385977999634,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:888
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,16388713618106375,9924398385977999634,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4084 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  PID:1580
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3776,i,16388713618106375,9924398385977999634,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:8
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe  PID:3228
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe  PID:512
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads