Analysis

max time kernel:   12s
max time network:  13s
platform:          windows10-2004_x64
resource:          win10v2004-20240802-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted:         11/09/2024, 22:25
Tasks

Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1

Sample:    https://www.google.com/url?q=IrfT8NMLx6QPaJgv6Z3g&rct=A43YKEyGbG1QTmcXJOMf&sa=t&esrc=d9QsMvgth0ou8iIuinpP&source=&cd=VL9lh4V0u7NIM3J5tWCA&cad=qudlyk2tPd0mtHm467Qg&ved=XB5ToBOLsBdLLCVRTENy&uact=%20&url=amp%2Fnkgwete%2Etech%2Fmmm%2F
Resource:  win10v2004-20240802-en
General

Target:  https://www.google.com/url?q=IrfT8NMLx6QPaJgv6Z3g&rct=A43YKEyGbG1QTmcXJOMf&sa=t&esrc=d9QsMvgth0ou8iIuinpP&source=&cd=VL9lh4V0u7NIM3J5tWCA&cad=qudlyk2tPd0mtHm467Qg&ved=XB5ToBOLsBdLLCVRTENy&uact=%20&url=amp%2Fnkgwete%2Etech%2Fmmm%2F

Malware Config

(none extracted)

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

description         ioc                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)

description       ioc                                                                                               Process
Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                             chrome.exe
Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133705671510990459"   chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)

pid   Process      count
700   chrome.exe   2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

pid   Process      count
700   chrome.exe   2
Suspicious use of AdjustPrivilegeToken (24 IoCs)

description                         pid   Process      count
Token: SeShutdownPrivilege          700   chrome.exe   12
Token: SeCreatePagefilePrivilege    700   chrome.exe   12
Suspicious use of FindShellTrayWindow (26 IoCs)

pid   Process      count
700   chrome.exe   26

Suspicious use of SendNotifyMessage (24 IoCs)

pid   Process      count
700   chrome.exe   24
Suspicious use of WriteProcessMemory (64 IoCs)

description                        pid   Process      procid_target   count
PID 700 wrote to memory of 2256    700   chrome.exe   83              2
PID 700 wrote to memory of 1036    700   chrome.exe   84              30
PID 700 wrote to memory of 1760    700   chrome.exe   85              2
PID 700 wrote to memory of 1956    700   chrome.exe   86              30
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 700)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/url?q=IrfT8NMLx6QPaJgv6Z3g&rct=A43YKEyGbG1QTmcXJOMf&sa=t&esrc=d9QsMvgth0ou8iIuinpP&source=&cd=VL9lh4V0u7NIM3J5tWCA&cad=qudlyk2tPd0mtHm467Qg&ved=XB5ToBOLsBdLLCVRTENy&uact=%20&url=amp%2Fnkgwete%2Etech%2Fmmm%2F
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2256)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9e2d3cc40,0x7ff9e2d3cc4c,0x7ff9e2d3cc58

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1036)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,3280876037413283285,15135474758776604398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1852 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1760)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1796,i,3280876037413283285,15135474758776604398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1956)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,3280876037413283285,15135474758776604398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2200 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2636)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,3280876037413283285,15135474758776604398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3904)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,3280876037413283285,15135474758776604398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3388)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,3280876037413283285,15135474758776604398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 5008)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 4732)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads