Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
29/09/2024, 09:57
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://login.weixin.qq.com/l/waEMXWfsHA==
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
https://login.weixin.qq.com/l/waEMXWfsHA==
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133720774751188918" chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2924 chrome.exe 2924 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 2924 chrome.exe 2924 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe Token: SeShutdownPrivilege 2924 chrome.exe Token: SeCreatePagefilePrivilege 2924 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe 2924 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2924 wrote to memory of 3864 2924 chrome.exe 82 PID 2924 wrote to memory of 3864 2924 chrome.exe 82 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3328 2924 chrome.exe 83 PID 2924 wrote to memory of 3452 2924 chrome.exe 84 PID 2924 wrote to memory of 3452 2924 chrome.exe 84 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85 PID 2924 wrote to memory of 1236 2924 chrome.exe 85
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://login.weixin.qq.com/l/waEMXWfsHA==1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2924 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe7afccc40,0x7ffe7afccc4c,0x7ffe7afccc582⤵PID:3864
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,8058891853801382050,3742275267885633764,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1832 /prefetch:22⤵PID:3328
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,8058891853801382050,3742275267885633764,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:32⤵PID:3452
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,8058891853801382050,3742275267885633764,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2412 /prefetch:82⤵PID:1236
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,8058891853801382050,3742275267885633764,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:12⤵PID:4184
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,8058891853801382050,3742275267885633764,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:12⤵PID:2224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,8058891853801382050,3742275267885633764,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4616 /prefetch:82⤵PID:4864
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:3092
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:1112
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD50aabb72f436b5b1b493aedaadb5166cb
SHA163321104df032ad766149e34ba378ec5df129b20
SHA25657893ceef0fc9f4304447d41d3485c39ae32c10a79995b731787025b355ef9ca
SHA512cfc6432d28d39c2df29a03827060df21e6d4c268318552d17b96e7770842437e862f0736e9dd61d2475115bb3d4ea4fa79bc776235045a75bc7bcd1787fd47dc
-
Filesize
961B
MD5f49c299347730e10cbdba8a166fdec14
SHA1585f8ce70a986b87fc1c5118f6a0ed457da16260
SHA2565d8acbd272ff329e47b77cf2846361b157071cf878f965bd7e832b383816c212
SHA51272feb853716bb95f2383c129dfc2d90d89a1b8816a959f495b3f906d54de4ba5d4307d9706b4d2b0cd90146b90907e50523c69cddd2eec5fef35a68493084211
-
Filesize
1KB
MD5434d0ee15f401df71cf7ce19e7f9d394
SHA114b8ae55b3656b69501217a3cf0577de6be3b7e1
SHA256346c70a3e59a04dee9f169e4c0b3e338f38b6c2b591226a6f0fd888bcd1d3f9b
SHA512df766dd69fd151e9e4604314195d46905c24338fe807b0241b332ef135c01807755445d5ec8c56615c827391662c229386dfdc67f778511bdea0d8bf3a64ced0
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
9KB
MD5697b5799a8351f9f645519613ac6d653
SHA1f4b8e307b71b1a9095cc94361c113b942d04a5d9
SHA25610084f7d60adc2e1067b11afb175e280c5f585e007b913ea7995af1e4f55ca83
SHA5122b9f46f951fdf3081ced26fa3c74ad91739f2bc087a6d19058278d50c6f3eb29d83677bc3e79b838e11fc2e893ecfddcce274cf47c71215fe09d5ea17761172b
-
Filesize
9KB
MD5a49fc5bfca972ea45407bdce4861a57c
SHA10d96a60661ced48a809f6b807180a345057838a2
SHA256a54947257d0320e9234c5e4d98f64183c5aae574f7d119aeb02891c7d44953c4
SHA512d5bcf600674fe22dda5bb281f5ab64f790b11b5b54230e08abbfdb7bbf0117df1f40c8e7207d7e42761b44aa5419028f8a320fd1ece3c23e33047f8048b24cef
-
Filesize
9KB
MD5d1365806f25df8e89a2ffa66f4b451e2
SHA10209252f57007ec2351a9d97c894fee33e5a121d
SHA256f7e1aaf1d4ce09d575fc98f7010c13ef149e919e3b3292d3f50cd991ae9ca5cf
SHA51258ab96dd2e92ab817f76f4d16d7105b98c444304847891dfe7809d25045410681a84865bd907163cc5a0153b01dab054e07e5473453456e20e522a214af890b2
-
Filesize
9KB
MD566bd0aaf4778e770723961d14cc408b7
SHA19d70602eb390a2e2f1a95979f1ff592f93084582
SHA256ac13c829aeb0683bf54a17de0dfe364a1a20c999ebe69bf421b9b5ae0f823f8c
SHA51230f218e31aac8448286830b3aa4467158b45ef7c817c15dc6cf4c54656354cde74d2a53dcae9d84c2524e927ec741635ed2aa6af6feb2855b1d191180c1e374a
-
Filesize
9KB
MD522a53d204dad42caa92898e0e546a909
SHA1bb1dc5afa845bdbb594329537553535fec760e57
SHA256ad789c075b2ee4bf0958b64d94751ededb85247a1f3e7c7a9d5fecc6fcf8b341
SHA5123c4f9e6ec4eaa7f1c964a10bdb61f81ed2bc1445288237d0a8748cb4468bbaaeaf862b599c788553d86e8ef83f3717242d3da681f0c06ac089835da1f40ec470
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\daa62703-2647-4c8d-82a8-2432c8aa6412.tmp
Filesize9KB
MD5f539f2b3032ccf370f31d05dd8872902
SHA142ed6cb3d5c28e1e49e3dceb5a373889c22acb4e
SHA2564362bfafe047704e1c637c7de32a4160990910fd78aab6c03b37f4b73535af44
SHA5129e54313bff6c5bb37049ab4c4269077bfc92bb0f4b1f601bdde6279a2b02cc0b6b2624574135b60b0a94f505cad25a06a1b6c5e1298a17caa1f092349d27cb23
-
Filesize
99KB
MD5822fb533be7ae554d9b5b5b931e3bb43
SHA1605697ad3f50b9da99160bb5f98779513179d5ca
SHA2560764d948442a67df8aacfcfcd7e0302955c5839be229da2e93ad6f582398701c
SHA512da36d00b9e0cfdc2dafe63975ae8e8d19e53ed1d117fd418c0ecbc8b7c684f4aefc98de205dab94e970998d6d4bc95f8b455d754f828ce0a64c1a16b901e3000
-
Filesize
99KB
MD5ab4c89a8e2c6dc7c97c7c9a15f1a8a9d
SHA1c0d7b413c9c802fe6eee730239cc094d54654ab5
SHA256bd66b98c253b21fdb3f35616672dd6d88eac5e34fc1535fe66d43c820f9c854f
SHA5121a5729fb78dee3b0c3d015eb81350531fe033c4bbf97c5f960d8ad4c0204b345834eda39515db6612da8f4d42914aafe99c0479bd6eeb57a4822fb8d90c03439