Analysis
max time kernel: 20s
max time network: 26s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/09/2024, 11:54
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://powerdoc.co/pJwxeSQCWqYJRq1M
Resource: win10v2004-20240802-en
General
Target: https://powerdoc.co/pJwxeSQCWqYJRq1M
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                     Process
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description       ioc                                                                                                    Process
Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133717388725264629"   chrome.exe
Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid    Process
4664   chrome.exe
4664   chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid    Process
4664   chrome.exe
4664   chrome.exe

Suspicious use of AdjustPrivilegeToken (40 IoCs; identical rows collapsed, the report alternates the two tokens)
description                        pid    Process      rows
Token: SeShutdownPrivilege         4664   chrome.exe   20
Token: SeCreatePagefilePrivilege   4664   chrome.exe   20

Suspicious use of FindShellTrayWindow (27 IoCs; identical rows collapsed)
pid    Process      rows
4664   chrome.exe   27

Suspicious use of SendNotifyMessage (24 IoCs; identical rows collapsed)
pid    Process      rows
4664   chrome.exe   24

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed; procid_target is the sandbox's process index, not a Windows PID)
description                        pid    Process      procid_target   rows
PID 4664 wrote to memory of 3844   4664   chrome.exe   82              2
PID 4664 wrote to memory of 1764   4664   chrome.exe   83              repeated
PID 4664 wrote to memory of 4008   4664   chrome.exe   84              2
PID 4664 wrote to memory of 1200   4664   chrome.exe   85              repeated
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4664)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://powerdoc.co/pJwxeSQCWqYJRq1M
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes of PID 4664:

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3844)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff83db7cc40,0x7ff83db7cc4c,0x7ff83db7cc58

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1764)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,6788627666497159157,1640121877049052645,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1948 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4008)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,6788627666497159157,1640121877049052645,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2368 /prefetch:3

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1200)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2128,i,6788627666497159157,1640121877049052645,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2452 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4440)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,6788627666497159157,1640121877049052645,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1576)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,6788627666497159157,1640121877049052645,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3344 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2804)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,6788627666497159157,1640121877049052645,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4864 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 184)
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 4220)
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
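Every signature in this report is attributed to the browser process the sandbox launched (PID 4664) or to its helpers, so the first triage question is whether any row points outside that tree. The following is an added Python example, not part of the sandbox report or its tooling: it parses rows in the same flattened shape as the tables above, resolves each WriteProcessMemory target against the process tree (parent links taken from the tree depth in the Processes section, where the eight depth-2 chrome.exe entries hang off the depth-1 browser process), collapses the repeated AdjustPrivilegeToken rows into counts, and flags reads of the BIOS identity values, which are read both by ordinary software collecting hardware information and by VM-aware malware. The sample strings are constructed by copying excerpts of the report into the script so it runs offline; the "own children vs. foreign process" rule is the script's own heuristic, not the sandbox's.

```python
"""Triage helpers for flattened sandbox signature rows (added example).

The sample strings are constructed by copying excerpts of the report above
into this file so it runs offline; PIDs, images and command-line roles are
the ones the report shows. Parent links in PROCESS_TREE follow the tree depth
in the Processes section: the eight depth-2 chrome.exe entries hang off the
depth-1 browser process 4664; elevation_service.exe and svchost.exe are top-level.
"""
import re
from collections import Counter

# "Suspicious use of WriteProcessMemory" rows: description, pid, Process, procid_target.
# procid_target is the sandbox's own process index, not a Windows PID, so it is ignored.
WRITE_PROCESS_MEMORY = (
    "PID 4664 wrote to memory of 3844 4664 chrome.exe 82 "
    "PID 4664 wrote to memory of 1764 4664 chrome.exe 83 "
    "PID 4664 wrote to memory of 4008 4664 chrome.exe 84 "
    "PID 4664 wrote to memory of 1200 4664 chrome.exe 85"
)

# "Suspicious use of AdjustPrivilegeToken" rows; the report repeats this pair twenty times.
ADJUST_PRIVILEGE = (
    "Token: SeShutdownPrivilege 4664 chrome.exe "
    "Token: SeCreatePagefilePrivilege 4664 chrome.exe "
) * 20

# "Enumerates system info in registry" rows.
REGISTRY_EVENTS = (
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe "
    r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe"
)

# pid -> (image, parent pid, role taken from the command line in the report)
PROCESS_TREE = {
    4664: ("chrome.exe", None, "browser: --single-argument https://powerdoc.co/pJwxeSQCWqYJRq1M"),
    3844: ("chrome.exe", 4664, "--type=crashpad-handler"),
    1764: ("chrome.exe", 4664, "--type=gpu-process"),
    4008: ("chrome.exe", 4664, "--type=utility network.mojom.NetworkService"),
    1200: ("chrome.exe", 4664, "--type=utility storage.mojom.StorageService"),
    4440: ("chrome.exe", 4664, "--type=renderer"),
    1576: ("chrome.exe", 4664, "--type=renderer"),
    2804: ("chrome.exe", 4664, "--type=utility chrome.mojom.ProcessorMetrics"),
    184: ("elevation_service.exe", None, ""),
    4220: ("svchost.exe", None, "-k LocalSystemNetworkRestricted -p -s NgcSvc"),
}

# BIOS identity values read both by ordinary software collecting hardware info and
# by VM-aware malware; a hit says which process to look at, not whether it is malicious.
HARDWARE_ID_VALUES = {
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName",
}

WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
TOKEN_ROW = re.compile(r"Token: (Se\w+Privilege) (\d+) (\S+)")
REG_ROW = re.compile(r"Key (?:value queried|opened|created) (\\REGISTRY\\\S+) (\S+)")


def parse_wpm(text):
    """Return (writer pid, writer image, target pid) per row."""
    return [(int(w), img, int(t)) for w, t, _pid, img, _idx in WPM_ROW.findall(text)]


def classify_wpm(events, tree):
    """Split cross-process writes into writes into the writer's own children, which a
    multi-process browser does every time it spawns a helper, and writes into any
    other process, the pattern that deserves a closer look."""
    own_children, foreign = [], []
    for writer, _img, target in events:
        image, parent, role = tree.get(target, (None, None, None))
        bucket = own_children if parent == writer else foreign
        bucket.append((writer, target, image, role))
    return own_children, foreign


def privileges_by_process(text):
    """Count enabled privileges per (pid, image, privilege) instead of listing forty rows."""
    return Counter((int(pid), img, priv) for priv, pid, img in TOKEN_ROW.findall(text))


def hardware_id_reads(text):
    """Return sorted (process, value) pairs for reads of BIOS identity values."""
    return sorted({(img, key) for key, img in REG_ROW.findall(text) if key in HARDWARE_ID_VALUES})


def triage(tree=PROCESS_TREE):
    """Short verdict lines a reviewer wants before reading the raw tables."""
    own, foreign = classify_wpm(parse_wpm(WRITE_PROCESS_MEMORY), tree)
    lines = [f"WriteProcessMemory: {len(own)} target(s) are the writer's own children, "
             f"{len(foreign)} foreign target(s)"]
    for (pid, img, priv), n in sorted(privileges_by_process(ADJUST_PRIVILEGE).items()):
        lines.append(f"{img} ({pid}) enabled {priv} in {n} row(s)")
    for img, key in hardware_id_reads(REGISTRY_EVENTS):
        value = key.rsplit("\\", 1)[-1]
        lines.append(f"{img} read BIOS value {value}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage()))
```

Run against the rows above, every WriteProcessMemory target resolves to a child of the writer, and the only process enabling privileges or reading BIOS values is the browser the sandbox itself started. A write from 4664 into an unrelated process such as svchost.exe (4220) would land in the foreign bucket, which is the row worth reading the rest of the report for.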
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7a6b0bd5-2d1f-44e8-9fda-8755ee31da63.tmp
  Filesize: 10KB
  MD5:    a0dee47c326075c04e37c8327e338bf9
  SHA1:   5bc54af300bad6c811705116c4c224dd0e9b83cf
  SHA256: c790d1ae395cd4511c183c96d62e58b35369be09c0cbed517979c787c572af63
  SHA512: 559d957291ea9f3b066130551a153dd22c52a1dbc922c7033518b3662bc03252355d300a81574b88d354681e45ddfc835c03378a61547e5b1eb9d89bba6ab148

(no path recorded)
  Filesize: 649B
  MD5:    bfefe63beabaa861ba62221b18469404
  SHA1:   8d75e81d47a4318cdb73ff67c173ab5b13476766
  SHA256: 64467b4cae66381f23b2e2617c4708c85767666e2e1ccde1913a5a250ccf795e
  SHA512: 78bdba36c02f232a06729c38dd0a3a747bd6a78aa02778532dbacd4475c5d6850798de432b2334082f2dfcc839b682abc516612e66dae81ea532bd5f79d0af0b

(no path recorded)
  Filesize: 264B
  MD5:    94105564717033bb07fe39542b0f14cc
  SHA1:   546d81112cc58df0b0b1e877ef7a043b4a8cbb74
  SHA256: 0f15b30e59fe7123e70c383add2b1247b66ceb6b9dd62c5058108bd27958d827
  SHA512: 78e4188e3236f0f6288875b881c1a5882684627669758582504172634692240a3749ef556670aac6ef811991cf2a4827979524d637b88f504db6dc6a54fba804

(no path recorded)
  Filesize: 1KB
  MD5:    0e4c0a0568d84022b304b0caada5c4b2
  SHA1:   0e658a9b9aa661db5b3db3d22bbbe828ae64a447
  SHA256: d09f7613f61fdd4cc024c189825246d798ded71b075334b9657b4d36526c6e8b
  SHA512: 7aca1e61289431f516f59a521bb02f9bd8c21dea65eb8c49278bd2798f4577990cda85fe7da438569f480bccefdba7ad911b9b5987b0c5b94a0ad2771dde8d64

(no path recorded)
  Filesize: 2B
  MD5:    d751713988987e9331980363e24189ce
  SHA1:   97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

(no path recorded)
  Filesize: 9KB
  MD5:    05a035918ce63573b86c35a6a99acf89
  SHA1:   f7542c1d1c2f686499f6af454094a4027ae29608
  SHA256: 705b394be9330485ec4400f356b353c532df495eccfa3b8f5ecfd2fe2ad1b873
  SHA512: 68bd2551f01c83d87e7ce8a110a50c3bb52c3a14757f9220c559483fac58d55a5658c824dfbbd2f226cb0db3bb4d21a8bec24e093e12fb418e530f5c9dc1ee47

(no path recorded)
  Filesize: 99KB
  MD5:    4edb3c0967347c813068a39810fd6749
  SHA1:   710c0e4ea556033290f608fa00f0664de4a0d456
  SHA256: 5f3c21ae5868dc3a83c8ae2cdc514eafcdf8177e78872723201962e3ab63db30
  SHA512: 3a59810f475cdf2ca135ee468b67ff6a59d5a6c52a8047840b0d9459c7e2885fbf78d35ee2b731a86ffc432e7753f1a3a897aec6f11cf7c1943820f19eb4edb2

(no path recorded)
  Filesize: 99KB
  MD5:    72ec8663024e72dc010caff0e5b70488
  SHA1:   a8b9c9aadb9e92d3a65c42213794a71a569e1cfa
  SHA256: c8c8417e17bdaab31f9a082b4df752eba3cf2e108ca48b75699f478314c361f6
  SHA512: 50e54f2031a05791e08063a246b52cfdb87467440f272a371d7ce9f74c7430a296c74fc48176dea431e972b74a4bd967e77f00a9d0b83499ba1442b9e48ee5ce

(no path recorded)
  Filesize: 264KB
  MD5:    f50f89a0a91564d0b8a211f8921aa7de
  SHA1:   112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58