Analysis
- max time kernel: 74s
- max time network: 73s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/09/2024, 14:23
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1

Sample: https://steamcommunity.invitedeadlock.gift/deadlock
Resource: win10v2004-20240802-en

General
- Target: https://steamcommunity.invitedeadlock.gift/deadlock
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133714022046943589" (chrome.exe)

Suspicious behavior: EnumeratesProcesses (2 IoCs)
- pid 1036, chrome.exe (2 identical entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- pid 1036, chrome.exe (2 identical entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Token: SeShutdownPrivilege, pid 1036, chrome.exe
- Token: SeCreatePagefilePrivilege, pid 1036, chrome.exe
(these two entries alternate for all 64 recorded IoCs)

Suspicious use of FindShellTrayWindow (34 IoCs)
- pid 1036, chrome.exe (34 identical entries)

Suspicious use of SendNotifyMessage (32 IoCs)
- pid 1036, chrome.exe (32 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
- PID 1036 wrote to memory of 216 (chrome.exe, procid_target 82)
- PID 1036 wrote to memory of 3676 (chrome.exe, procid_target 83)
- PID 1036 wrote to memory of 4224 (chrome.exe, procid_target 84)
- PID 1036 wrote to memory of 940 (chrome.exe, procid_target 85)
(each row is repeated several times in the report; 64 entries in total)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1036)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamcommunity.invitedeadlock.gift/deadlock
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 216)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffab4c7cc40,0x7ffab4c7cc4c,0x7ffab4c7cc58
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3676)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1688,i,6428293519691712091,4822038442174093247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1692 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4224)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,6428293519691712091,4822038442174093247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2168 /prefetch:3
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 940)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,6428293519691712091,4822038442174093247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2432 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3660)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,6428293519691712091,4822038442174093247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4312)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,6428293519691712091,4822038442174093247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1420)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,6428293519691712091,4822038442174093247,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:8
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 3048)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- C:\Windows\system32\svchost.exe (PID 1076)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads