Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 41s
max time network: 42s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/09/2024, 14:37
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://Nordenbamfordfinance.com
Resource: win10v2004-20240802-en
General
Target: http://Nordenbamfordfinance.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706254595277978" | chrome.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
2612 | chrome.exe
2612 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
2612 | chrome.exe
2612 | chrome.exe
2612 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 2612 | chrome.exe
Token: SeCreatePagefilePrivilege | 2612 | chrome.exe
(the two rows above alternate for all 64 rows, 32 of each, beginning with SeShutdownPrivilege and ending with SeCreatePagefilePrivilege; identical rows collapsed here)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
2612 | chrome.exe
(26 identical rows, collapsed here)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
2612 | chrome.exe
(24 identical rows, collapsed here)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2612 wrote to memory of 756 | 2612 | chrome.exe | 87 (2 rows)
PID 2612 wrote to memory of 1508 | 2612 | chrome.exe | 88 (repeated rows)
PID 2612 wrote to memory of 2492 | 2612 | chrome.exe | 89 (2 rows)
PID 2612 wrote to memory of 3452 | 2612 | chrome.exe | 90 (repeated rows)
(64 rows in total, in the order listed; identical rows collapsed here)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2612)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Nordenbamfordfinance.com
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 756)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffddaa9cc40,0x7ffddaa9cc4c,0x7ffddaa9cc58
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1508)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2076,i,17106273272199314847,3531177910292552818,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2072 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2492)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,17106273272199314847,3531177910292552818,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2108 /prefetch:3
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3452)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,17106273272199314847,3531177910292552818,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2400 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2860)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,17106273272199314847,3531177910292552818,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3064 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3004)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3052,i,17106273272199314847,3531177910292552818,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3108 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2728)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4520,i,17106273272199314847,3531177910292552818,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4544 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 548)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3364,i,17106273272199314847,3531177910292552818,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3336 /prefetch:8
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 428)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Windows\system32\svchost.exe (PID 4484)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 649B
MD5: 843d1461be2ce7fff81d0e4c139e3532
SHA1: 6e53fc93bd1ecabd92c94710868aecbbdb1a2c60
SHA256: 08cf66230e407ba3c56cdeb6c60bd921350696baa4c40ab59d1fbbcc44975ac7
SHA512: 005b26fd94b969c287f416406d31df1c04d1b2d91f6f1d80fc58503d45a70c931cd0859864ee13679c60f648c9dc50c9985f6e58cb63d092b5ac3a1e3938b7c5

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 9KB
MD5: 278a26aaab0368f9e9e6f37d80c6e689
SHA1: d31f8b4048cc4063c5352bcffc617098619aefe9
SHA256: 4fc462c0a056a4c3528f76f26c6b874dce91cece9fcdc7a8f8d57dd55fc0b01f
SHA512: 8cf6f90a5d55036c853d4f4edc06be1c61adb12b10c29b8fd1249efcdd865a9750f176580ba7ed705ab590440b1e413458532d04371fb5665e34cd83a0511d4d

Filesize: 9KB
MD5: b0e09ee9bb22412e113ba24c39eda2fe
SHA1: 0d44d74bf5a9eedee1585310592126ebba0aa4eb
SHA256: 646c3760c5f640a49a3c8982f27a8c64b3fae32955e90d7a064c1fd1ed19f368
SHA512: 80d5f464ebe87655975fbfc73cca369c2a241b4ebb74a8b8d9a519c5c97bcbeceff278d863d2561b0fb17f3362de66f1b7bf980faa67f5ebc7f685129cdb7797

Filesize: 9KB
MD5: 59e19618927285129f9c1b277e6eae1b
SHA1: cddd25dc19af16ca51782990075989e117d6454f
SHA256: 5625d159450ee8f8f2ee7e6800b3ca882f9eafd73338c3789dd098a0ddac4d5d
SHA512: 00f1a141b236893e58ae74d5844fd6342a1101b6373d643775e82eef9f836b51f626afdd048a2665b3f0ae3afbb34a7f7b68fe3113a8a421af678e15e8a9d399

Filesize: 99KB
MD5: 55e017976d2c22825bfe827e7811c2a7
SHA1: 36b88e7d6b5fd84aaab364271d33742606b4f393
SHA256: 628ff7e2c3caa732d66901541fd276b3d5df16a4afa6d0aa95e436086a9e51e0
SHA512: 6d619f72d6afb5444994882607e75a0e23081613fc733941eefa612f5c2b379a06d0ea59a1cdd065b59e8d989fea695264236bab38facdbd523a21457f8b224c

Filesize: 99KB
MD5: 5b9c004ae5a58a7b77affe38ccfb4733
SHA1: 0e105e8d20c260236d88070a3db4b9d5773e6cf2
SHA256: 036073228424e5967dd1aafdf8b48151a280dba24aa1d9b7a63d8cafb5e07cf0
SHA512: 4caf330299b2f3c6920b08281d5b3ea1812db26e0d6258a566ce20b8100257cb5f6997cbf425be9b2bd82120ec6f7f859b7e4faa83b69d5c5a717fe9bb13ef32