Analysis
max time kernel: 299s
max time network: 295s
platform: windows10-1703_x64
resource: win10-20240611-en
resource tags: arch:x64, arch:x86, image:win10-20240611-en, locale:en-us, os:windows10-1703-x64, system
submitted: 23/08/2024, 06:44
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://gofirst.cn.com/
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: http://gofirst.cn.com/
  Resource: win10-20240611-en
Behavioral task: behavioral3
  Sample: http://gofirst.cn.com/
  Resource: win10v2004-20240802-en
General
Target: http://gofirst.cn.com/
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Note: these BIOS values are the ones most VM-detection checks compare against vendor strings; here the reader is chrome.exe itself, not a dropped binary.

Modifies data under HKEY_USERS (2 IoCs)
  description     | ioc                                                                                                        | Process
  Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133688691019951778" | chrome.exe
  Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      | chrome.exe
  Note: S-1-5-19 is the well-known SID of NT AUTHORITY\LOCAL SERVICE; the written value is a Windows FILETIME timestamp.

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid  | Process
  2800 | chrome.exe (4 entries)
  4116 | chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid  | Process
  2800 | chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                      | pid  | Process
  Token: SeShutdownPrivilege       | 2800 | chrome.exe
  Token: SeCreatePagefilePrivilege | 2800 | chrome.exe
  (the two rows above alternate through all 64 entries; every entry is pid 2800 chrome.exe)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid  | Process
  2800 | chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  2800 | chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                      | pid  | Process    | procid_target
  PID 2800 wrote to memory of 3616 | 2800 | chrome.exe | 71 (2 entries)
  PID 2800 wrote to memory of 3704 | 2800 | chrome.exe | 73 (repeated)
  PID 2800 wrote to memory of 236  | 2800 | chrome.exe | 74 (2 entries)
  PID 2800 wrote to memory of 836  | 2800 | chrome.exe | 75 (repeated)
  (64 entries in total; every write originates from pid 2800 and targets 3616, 3704, 236 or 836, all of which the process tree lists as chrome.exe children of 2800. Writes from a browser broker into its own freshly spawned children are process start-up, not injection into a foreign process.)
Processes

Every process in the tree is a Google Chrome binary run from the Chrome installation directory; the depth-2 entries are the broker's helper processes (crashpad handler, GPU, network and storage services, renderers, UtilWin and ProcessorMetrics utilities), and no non-Chrome process was created. The broker's --disable-background-networking, --disable-component-update and --simulate-outdated-no-au flags suppress background network traffic and component/auto-update activity during the run.

C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 1, PID 2800)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://gofirst.cn.com/
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 3616, child of 2800)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa50b49758,0x7ffa50b49768,0x7ffa50b49778

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 3704, child of 2800)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1836,i,1172950172510673302,2524656409708989886,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 236, child of 2800)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1836,i,1172950172510673302,2524656409708989886,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 836, child of 2800)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1836,i,1172950172510673302,2524656409708989886,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 2548, child of 2800)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2700 --field-trial-handle=1836,i,1172950172510673302,2524656409708989886,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 4892, child of 2800)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2708 --field-trial-handle=1836,i,1172950172510673302,2524656409708989886,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 1472, child of 2800)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1836,i,1172950172510673302,2524656409708989886,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 2332, child of 2800)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1836,i,1172950172510673302,2524656409708989886,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 568, child of 2800)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1836,i,1172950172510673302,2524656409708989886,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 2408, child of 2800)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1836,i,1172950172510673302,2524656409708989886,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID 4116, child of 2800)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1836,i,1172950172510673302,2524656409708989886,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (depth 1, PID 2224)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
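The check an analyst runs on a tree like this before filing it as browser noise is mechanical: is every image a Chrome binary from the install directory, which helpers run with reduced isolation (the command lines above show --service-sandbox-type=none on the network, UtilWin and ProcessorMetrics utilities and --disable-gpu-sandbox on the second GPU process), what document did the broker open, and do the WriteProcessMemory targets all sit directly under the writer in the tree. The script below is an added example and is not tria.ge's code. PROCESSES abridges the report's tree (PIDs, image paths and the flags that matter are copied from it; parent PIDs follow the depth shown, every depth-2 chrome.exe being a child of 2800; the long --field-trial and --mojo flags are dropped), WPM_PAIRS holds the distinct (writer, target) pairs from the WriteProcessMemory signature, and the rules themselves (CHROME_DIR, which flags count as reduced isolation) are this example's own assumptions.

```python
"""Triage a Chrome process tree and its WriteProcessMemory hits from a sandbox report.

Added example, not tria.ge code. Process records are abridged from the report;
parent PIDs are inferred from the tree depth; the triage rules are assumptions.
"""
import shlex
from collections import Counter

CHROME_DIR = r"C:\Program Files\Google\Chrome\Application"
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'

PROCESSES = [  # (pid, parent pid, command line), abridged from the report
    (2800, None, CHROME + " --disable-background-networking --disable-component-update"
                 " --single-argument http://gofirst.cn.com/"),
    (3616, 2800, CHROME + " --type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    (3704, 2800, CHROME + " --type=gpu-process"),
    (236,  2800, CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService"
                 " --service-sandbox-type=none"),
    (836,  2800, CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService"
                 " --service-sandbox-type=utility"),
    (2548, 2800, CHROME + " --type=renderer"),
    (4892, 2800, CHROME + " --type=renderer"),
    (1472, 2800, CHROME + " --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics"
                 " --service-sandbox-type=none"),
    (2332, 2800, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin"
                 " --service-sandbox-type=none"),
    (568,  2800, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin"
                 " --service-sandbox-type=none"),
    (2408, 2800, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin"
                 " --service-sandbox-type=none"),
    (4116, 2800, CHROME + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (2224, None, r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'),
]
# Distinct (writer, target) pairs from the WriteProcessMemory signature table.
WPM_PAIRS = [(2800, 3616), (2800, 3704), (2800, 236), (2800, 836)]


def parse_cmdline(cmd):
    """Return (image path, {flag: value}, positional args) for a Windows command line.

    posix=False keeps backslashes literal and leaves the quotes around quoted tokens,
    which are stripped by hand. "--k=v" becomes {"k": "v"}, a bare "--k" becomes {"k": None}.
    """
    tokens = [t.strip('"') for t in shlex.split(cmd, posix=False)]
    flags, positional = {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, sep, val = tok[2:].partition("=")
            flags[key] = val if sep else None
        else:
            positional.append(tok)
    return tokens[0], flags, positional


def under_chrome_dir(image):
    """True when the image lives below the Chrome install directory (case-insensitive)."""
    return image.lower().startswith(CHROME_DIR.lower() + "\\")


def triage(processes, wpm_pairs):
    """Collect what an analyst checks before writing a browser tree off as noise."""
    by_pid = {pid: (ppid, cmd) for pid, ppid, cmd in processes}
    f = {"roles": Counter(), "foreign_images": [], "unsandboxed": [],
         "opened_urls": [], "wpm_outside_tree": []}
    for pid, (ppid, cmd) in by_pid.items():
        image, flags, positional = parse_cmdline(cmd)
        exe = image.rsplit("\\", 1)[-1].lower()
        # The broker is the chrome.exe without --type; other binaries are named by exe.
        role = flags.get("type") or ("browser" if exe == "chrome.exe" else exe)
        f["roles"][role] += 1
        if not under_chrome_dir(image):
            f["foreign_images"].append((pid, image))
        # Reduced isolation is visible on the command line itself (assumed rule set).
        if ("no-sandbox" in flags or "disable-gpu-sandbox" in flags
                or flags.get("service-sandbox-type") == "none"):
            f["unsandboxed"].append((pid, flags.get("utility-sub-type", role)))
        if role == "browser":  # the document URL is the broker's positional argument
            f["opened_urls"] += [a for a in positional if "://" in a]
    # A broker writing into children it just spawned is process bootstrap. A write
    # into anything else (not a direct child, or not a Chrome image) is the case
    # where the WriteProcessMemory signature would actually indicate injection.
    for writer, target in wpm_pairs:
        ppid, cmd = by_pid.get(target, (None, None))
        if ppid != writer or not under_chrome_dir(parse_cmdline(cmd)[0] if cmd else ""):
            f["wpm_outside_tree"].append((writer, target))
    return f


if __name__ == "__main__":
    for key, value in triage(PROCESSES, WPM_PAIRS).items():
        print(f"{key}: {value}")
```

Run against the report's tree, the script reports no foreign images, no out-of-tree WriteProcessMemory targets, one opened URL (http://gofirst.cn.com/) and six reduced-isolation helpers (PIDs 236, 1472, 2332, 568, 2408 and 4116). Whether an unsandboxed network service or a GPU process relaunched with --disable-gpu-sandbox is the expected default for this Chrome build is a question for the analyst; the script only surfaces them. Feeding it a constructed write into a non-child PID, or a child image outside the Chrome directory, produces the findings that would change the verdict.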
Network
MITRE ATT&CK Enterprise v15
Downloads
The report lists the files written during the run by size and digest only; no file names or paths are given.

Filesize: 4KB
  MD5:    ffcaeaf2501bf97deeefeb21e43e0b8b
  SHA1:   ccb8eebdd31ba89003ab168be3b3f13479de1f1b
  SHA256: d2d4d2c4df91d5c57162b900b6d0e2177684693db7591e34491f31a575289835
  SHA512: 64d304a9038d60e5c4edbb0c2c700d32f8da6d9273e403f3a69bb917b22648a5a969e9b8ef7b38d13e9a03e591cd10b97e0a697745e542f31a74f4aadde325bd

Filesize: 144B
  MD5:    8843a0d1d15ee726905d8781c4684be2
  SHA1:   88cf116c70f30e578e2c6b01cd9a31b548800348
  SHA256: 04d779ca30792b35562e86617c4b637e003aae9b731afc79fc9725c23e5458e5
  SHA512: 2f33f04502cb3b1f60700f81b30f8194758dbe0bfa6fd7456c14adeaf768c6dbf3fb32cd1bc76fb9a0c7ff71c0d590ae076551ebd82f94a68eae28d665c9cd9c

Filesize: 389B
  MD5:    471e5522a6b0d9d086f2967770f05cc4
  SHA1:   10fb3c9b7aae68565bedc2a9fdd166d744887f39
  SHA256: 83245be7378d7b6bd95485f8a0ba601276597b060b4b91b06fb011c9e368d2d3
  SHA512: b1b4a17aca53f9aa7742b42f4d626235afcb8bb0b668a60c37fd339707883e121e3e88bfe59aacf9c5a142ac586c70b1b697286c947ab729b90771ac6b23fa7f

Filesize: 5KB
  MD5:    efb406ce582b2cb606c729364fb266a3
  SHA1:   82047533086cc70624e5e6eb5b45164aee466f43
  SHA256: 64931b9225a453d2ef30eec4808fdf449dd3292cb9bde664a42483dbd7c0525a
  SHA512: 4bd5cfb5c8ca1eb76e3fc98bcb67d90faaf7c21940131ce5db86edee0ab61c78b6201d0e56fa2b3730dead85c3d23ce056790e4a5d22844f22ec89b2450f6e95

Filesize: 6KB
  MD5:    2c4ee72b3d7ba15de765bb9558e588d2
  SHA1:   1e4403af466dca7dd3c9513b38dfb15d308b2916
  SHA256: 16b1ef0a6e312a32bcf4f17c2e819486ecc65863c5f068d6f13f9f970f96e303
  SHA512: 231bf67e1e8e7e5fa8f4f0f7702a282f838dd616371ab86075cc3ef4a49b0b1283cf84ffe99fac27d2e260abdf6d8515fc4089679ccf7a2541b060cb1bfc196a

Filesize: 5KB
  MD5:    3520c005473e67547927bdc33f136555
  SHA1:   b08cf0c0889cb99b956b3f24096fff60cd35eee5
  SHA256: a0b459f05001b704d3e945398d0e2f2139b0dd91ee799b15043574d31d003cee
  SHA512: 6220f49adc8fab7cfee19324dfabbc9888e7cc655234968ad507a9959532b1128ffd93ebfd639e703e51b93299837d6db90fcb02853a6ce0992694fafcf000f6

Filesize: 5KB
  MD5:    1c8a77d6bdf77dc26bca9c200e8baca2
  SHA1:   ecdf32ed559d2e20f82d27a98485bc8e3dd254c1
  SHA256: 3186ac66bad45e3cfa5effd84cda434409ed770a67512b1329ffcdb74d8ca622
  SHA512: 0139c37dae9e4bd4c58d64016bef651c3bb2f0dad94106b8e394383619f2b05ecf485d8302107e24195e8683c3e493d44e6d5cb0bdcc68ce66a03f52d07cb8b3

Filesize: 4KB
  MD5:    ce54796838dd46aa0fd49f4d997176c2
  SHA1:   aefe936633534abb5c155ac5a7682aa00d9e2a08
  SHA256: 26de0c4bd80169a59a671db3364c51ac823d3ccbc63b4efbdc888ac805c09cff
  SHA512: c0373d3c46d6dabb630f6986f0f24a7772d77dcf27daafe71a1c024d64b5f782d76421ef49e77701c9c223186bd10d7a65f85d53d6413d0783cd67996159598a

Filesize: 22KB
  MD5:    711bc9b8dd7a13d81aa92138744dfb88
  SHA1:   b26eecbd42153e48f8d493f1e494002daa43cd15
  SHA256: 5e07ecbd35793881f5395ae5e23140054a790d605ca783b11d475fc63a7e073f
  SHA512: 18ca733f63af445e962e7b165037ddc6d6e44448ef26e948deab3bd61f51801dd377f9574703d5cd8aeaaa9891237f3c94d71cd77790330366b6986983de72ad

Filesize: 2B
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
  Note: the MD5, SHA1 and SHA256 above are the well-known digests of the two-byte string {} (an empty JSON object), so this artifact carries no content worth pivoting on.