Analysis

max time kernel: 11s
max time network: 13s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/09/2024, 11:12
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://login.4pscontrol.com/nsecure.4pscontrol.com/account/activate?email=mmatser%40heijmans.nl&code=CfDJ8DN1V5cwX7FApxVmVvZbwjngGkNheGBbwpN8CSchnzqdVuzkB81s82k2sl6wGaF8G5wD9Ixv8NqHBi2xSbjVauEkM30KdDEgmAFLcXSSSHNPKasr%2FF%2FoApcd%2FxO1sO7pDSapbAm%2BBhA1inVlhAAo18GEeverQPwFQB%2B0pro4eeXSWPbRS%2Fv6uaA%2Bw1ixIEOncc%2F6H1rSSTAUz%2FHwGPjRj333qTZl9nVinLlMobvV15%2BtZSG6iY6oX5BFvd5AQNR5yg%3D%3D
Resource: win10v2004-20240802-en
General

Target: https://login.4pscontrol.com/nsecure.4pscontrol.com/account/activate?email=mmatser%40heijmans.nl&code=CfDJ8DN1V5cwX7FApxVmVvZbwjngGkNheGBbwpN8CSchnzqdVuzkB81s82k2sl6wGaF8G5wD9Ixv8NqHBi2xSbjVauEkM30KdDEgmAFLcXSSSHNPKasr%2FF%2FoApcd%2FxO1sO7pDSapbAm%2BBhA1inVlhAAo18GEeverQPwFQB%2B0pro4eeXSWPbRS%2Fv6uaA%2Bw1ixIEOncc%2F6H1rSSTAUz%2FHwGPjRj333qTZl9nVinLlMobvV15%2BtZSG6iY6oX5BFvd5AQNR5yg%3D%3D
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                   Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700948129130695"  chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  4420  chrome.exe
  4420  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  4420  chrome.exe
  4420  chrome.exe

Suspicious use of AdjustPrivilegeToken (22 IoCs)
  description                       pid   Process
  Token: SeShutdownPrivilege        4420  chrome.exe  (11 entries)
  Token: SeCreatePagefilePrivilege  4420  chrome.exe  (11 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  4420  chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4420  chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 4420 wrote to memory of 4824  4420  chrome.exe  85
  PID 4420 wrote to memory of 4092  4420  chrome.exe  86
  PID 4420 wrote to memory of 4944  4420  chrome.exe  87
  PID 4420 wrote to memory of 3424  4420  chrome.exe  88
  (Each row is repeated in the report; 64 entries in total. The target PIDs 4824, 4092, 4944 and 3424 are the crashpad-handler, gpu-process, network-service and storage-service children of chrome.exe PID 4420 listed under Processes.)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4420)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://login.4pscontrol.com/nsecure.4pscontrol.com/account/activate?email=mmatser%40heijmans.nl&code=CfDJ8DN1V5cwX7FApxVmVvZbwjngGkNheGBbwpN8CSchnzqdVuzkB81s82k2sl6wGaF8G5wD9Ixv8NqHBi2xSbjVauEkM30KdDEgmAFLcXSSSHNPKasr%2FF%2FoApcd%2FxO1sO7pDSapbAm%2BBhA1inVlhAAo18GEeverQPwFQB%2B0pro4eeXSWPbRS%2Fv6uaA%2Bw1ixIEOncc%2F6H1rSSTAUz%2FHwGPjRj333qTZl9nVinLlMobvV15%2BtZSG6iY6oX5BFvd5AQNR5yg%3D%3D
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4824)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffbd42ccc40,0x7ffbd42ccc4c,0x7ffbd42ccc58

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4092)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,12835259077125508326,6859090181191329477,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1952 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4944)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,12835259077125508326,6859090181191329477,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3424)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,12835259077125508326,6859090181191329477,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2240 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2404)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,12835259077125508326,6859090181191329477,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3284)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,12835259077125508326,6859090181191329477,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4624)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4572,i,12835259077125508326,6859090181191329477,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4668 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 2520)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 2372)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 649B
MD5: b8e548d5e39ff3d2d2f962d190a6659d
SHA1: 3ecc31ac9862f0af7c81a35079b55ac8a9200add
SHA256: 4b13457612cce7085ef14d38e233114c8fdcb31ecd000ecd927e186bf9fc41ba
SHA512: e4f7655f44313a514f56498876a51c1a4225bd763bcff0eef04670b3ef4d34ad4f87cad775a70fc58cde7f04137bee743df5c556ad44d8454f778a7d7e76b707

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 1KB
MD5: b6b68d823faaf6fe3d1206babc46777f
SHA1: a12f2e3ce7040cab14a923f9ece8bc7fab180520
SHA256: 80bd5346e9eb71104629eaa66e40b61ff4f4bb148d580263b0b8ac6c8ced36d1
SHA512: cd21243cc14eefdb379908064e1c38a09606f9df4c0c8810e63a220814b4cd11fcbbbdb56559e8cc39d4b69139fb0cd2af46366842b66bf3839c0752b27876c4

Filesize: 9KB
MD5: 232fd28764fdc6bf491a518d0bff4752
SHA1: 839d6394ffdaca2aa8fac94093b76e5db2764b8c
SHA256: e71804702096430a1430aed2b72f508741411a30da58593e865763129fd262e7
SHA512: 63f0467445533d517518e531402f9d71fc533323b3bdea5d6d76ca8a5300803d2e37fd7672ac8faffc3bbb884328108fd129a401b4fcc68d18bdb7816e39762c

Filesize: 99KB
MD5: e040fd8d909d70e051f67bb005884c99
SHA1: 7a6dcac1c07e0db31c1935f81d6a319afd221db7
SHA256: 185057e76f21ae52d4de2ee65bf56a30bf6e221dcdb17e636dc8347b14e2b75a
SHA512: fcd235e3c092c839395a74ba9fd19f26e4e283a0976a68750957eaa47400ea8d0965494c63d60c174bc58b7d565049ca07b2e106fdde285f07e1eedbfa6391d0