Analysis
max time kernel: 56s
max time network: 52s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/09/2024, 16:51
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample
https://shoutout.wix.com/so/fdP6evAND/c?w=M7NzM0zSkkC4uBpekDt6aT_MjiXH62LrQj6a_Xd-kPk.eyJ1IjoiaHR0cHM6Ly9jb29pbmctdGhpbi1tdXNpY2lhbi5nbGl0Y2gubWUvIiwiciI6ImFiMjUwZjQzLTk1MTktNDM3Zi1hMTA5LTM5ZGViYzQ4N2VmMyIsIm0iOiJtYWlsIiwiYyI6ImM1MDFkODY4LTFkOGUtNDAyNS1hMmQ3LWM1Zjg5NGZjODAxMyJ9#?email=am9lLmRlbm5pc0BzYWljLmNvbQ==
Resource: win10v2004-20240802-en
General
Target: https://shoutout.wix.com/so/fdP6evAND/c?w=M7NzM0zSkkC4uBpekDt6aT_MjiXH62LrQj6a_Xd-kPk.eyJ1IjoiaHR0cHM6Ly9jb29pbmctdGhpbi1tdXNpY2lhbi5nbGl0Y2gubWUvIiwiciI6ImFiMjUwZjQzLTk1MTktNDM3Zi1hMTA5LTM5ZGViYzQ4N2VmMyIsIm0iOiJtYWlsIiwiYyI6ImM1MDFkODY4LTFkOGUtNDAyNS1hMmQ3LWM1Zjg5NGZjODAxMyJ9#?email=am9lLmRlbm5pc0BzYWljLmNvbQ==
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                      Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133703743396724086"  chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
5076  chrome.exe
5076  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process
5076  chrome.exe
5076  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        5076  chrome.exe
Token: SeCreatePagefilePrivilege  5076  chrome.exe
(the 64 entries alternate between these two rows; every entry is from pid 5076 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
5076  chrome.exe
(26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
5076  chrome.exe
(24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 5076 wrote to memory of 1660  5076  chrome.exe  83
PID 5076 wrote to memory of 1132  5076  chrome.exe  84
PID 5076 wrote to memory of 4784  5076  chrome.exe  85
PID 5076 wrote to memory of 432   5076  chrome.exe  86
(64 entries in total, consisting of repeats of the four rows above)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 5076 (tree depth 1)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shoutout.wix.com/so/fdP6evAND/c?w=M7NzM0zSkkC4uBpekDt6aT_MjiXH62LrQj6a_Xd-kPk.eyJ1IjoiaHR0cHM6Ly9jb29pbmctdGhpbi1tdXNpY2lhbi5nbGl0Y2gubWUvIiwiciI6ImFiMjUwZjQzLTk1MTktNDM3Zi1hMTA5LTM5ZGViYzQ4N2VmMyIsIm0iOiJtYWlsIiwiYyI6ImM1MDFkODY4LTFkOGUtNDAyNS1hMmQ3LWM1Zjg5NGZjODAxMyJ9#?email=am9lLmRlbm5pc0BzYWljLmNvbQ==
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 1660 (tree depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9ada6cc40,0x7ff9ada6cc4c,0x7ff9ada6cc58

C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 1132 (tree depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,2504819541146852634,17245778108124331499,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1892 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 4784 (tree depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1616,i,2504819541146852634,17245778108124331499,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 432 (tree depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,2504819541146852634,17245778108124331499,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2172 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 800 (tree depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,2504819541146852634,17245778108124331499,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 1988 (tree depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,2504819541146852634,17245778108124331499,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe
PID: 4736 (tree depth 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4604,i,2504819541146852634,17245778108124331499,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4616 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
PID: 2872 (tree depth 1)
Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe
PID: 4100 (tree depth 1)
Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads