Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 27s
- max time network: 12s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/10/2024, 16:53
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://www.pdfskillsapp.com/%3Fcampaign_id%3D21646771397%26adgroup_id%3D161873772890%26placement_id%3Dhealthyfamilyproject.com%26creative_id%3D714556735360%26utm_source%3Dgoogle_b2c%26gad_source%3D5%26gclid%3DEAIaIQobChMI8-fisY6BiQMVCibQBB076ROcEAEYASAAEgJIVPD_BwE
- Resource: win10v2004-20241007-en
General
- Target: https://www.pdfskillsapp.com/%3Fcampaign_id%3D21646771397%26adgroup_id%3D161873772890%26placement_id%3Dhealthyfamilyproject.com%26creative_id%3D714556735360%26utm_source%3Dgoogle_b2c%26gad_source%3D5%26gclid%3DEAIaIQobChMI8-fisY6BiQMVCibQBB076ROcEAEYASAAEgJIVPD_BwE
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                    | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description     | ioc                                                                                                          | Process
  Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133729664311049610"   | chrome.exe
- Modifies registry class (2 IoCs)
  description | ioc                                                                              | Process
  Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings | chrome.exe
  Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings | OpenWith.exe
- NTFS ADS (1 IoCs)
  description                  | ioc                                                                                                                                                                                                                            | Process
  File opened for modification | C:\Users\Admin\Downloads\_campaign_id=21646771397&adgroup_id=161873772890&placement_id=healthyfamilyproject.com&creative_id=714556735360&utm_source=google_b2c&gad_source=5&gclid=EAIaIQobChMI8-fisY6BiQMVCibQBB076ROcEAEYASAAEgJIVPD_BwE:Zone.Identifier | chrome.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  112 | chrome.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  112 | chrome.exe (2 entries)
- Suspicious use of AdjustPrivilegeToken (54 IoCs)
  description                      | pid | Process
  Token: SeShutdownPrivilege       | 112 | chrome.exe
  Token: SeCreatePagefilePrivilege | 112 | chrome.exe
  (the two rows alternate throughout; 54 entries in total)
- Suspicious use of FindShellTrayWindow (33 IoCs)
  pid | Process
  112 | chrome.exe (33 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  112 | chrome.exe (24 entries)
- Suspicious use of SetWindowsHookEx (9 IoCs)
  pid | Process
  864 | OpenWith.exe (9 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                     | pid | Process    | procid_target
  PID 112 wrote to memory of 3304 | 112 | chrome.exe | 85  (2 entries)
  PID 112 wrote to memory of 576  | 112 | chrome.exe | 86  (repeated)
  PID 112 wrote to memory of 3680 | 112 | chrome.exe | 87  (2 entries)
  PID 112 wrote to memory of 4504 | 112 | chrome.exe | 88  (repeated)
  (64 entries in total)
Processes
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.pdfskillsapp.com/%3Fcampaign_id%3D21646771397%26adgroup_id%3D161873772890%26placement_id%3Dhealthyfamilyproject.com%26creative_id%3D714556735360%26utm_source%3Dgoogle_b2c%26gad_source%3D5%26gclid%3DEAIaIQobChMI8-fisY6BiQMVCibQBB076ROcEAEYASAAEgJIVPD_BwE (PID:112)
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 112:
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffeba13cc40,0x7ffeba13cc4c,0x7ffeba13cc58 (PID:3304)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,13218960804833750398,13632330227844237449,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1908 /prefetch:2 (PID:576)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1992,i,13218960804833750398,13632330227844237449,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2156 /prefetch:3 (PID:3680)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,13218960804833750398,13632330227844237449,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2388 /prefetch:8 (PID:4504)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,13218960804833750398,13632330227844237449,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1 (PID:4000)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,13218960804833750398,13632330227844237449,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1 (PID:3008)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4556,i,13218960804833750398,13632330227844237449,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8 (PID:4772)
    - NTFS ADS
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5020,i,13218960804833750398,13632330227844237449,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:8 (PID:1668)
- "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe" (PID:1756)
- C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc (PID:2076)
- C:\Windows\system32\OpenWith.exe -Embedding (PID:864)
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 8KB
  MD5: 38ebd4c302e1b744c9ee513c4f227930
  SHA1: bf9f614e8f83b3dccbf0d4a4df519f81d50a6d13
  SHA256: 9e7bfa250d1c2c2696d0292a138df0b033c403718b33d76498a5c6874872b22a
  SHA512: 02e5584f00467dea0ae1b55c703f77f7cf05dee4953d8c0bb27522964dc196f08e5ec28fa398b5116a115c97a68d72de8de14b0150c7a10af457e537014cb660
- Filesize: 8KB
  MD5: 0d09e69c7a2f767aa43440cfce7dc17e
  SHA1: ed8b4393b79819127178e7ebe5784d8559b99e9e
  SHA256: 3ccadc2dd9b9eef7133367bffff118de2b9b17aff38133933a8f27ab553a65fe
  SHA512: 02b0356200067a633bf36a428ec0e3ea0b4135aa7f99753c409870e5f99517c29ea6796dc7d54357c4b864c55d49d9bca5c7619c6809a5f4f4b16ec395021e2c
- Filesize: 116KB
  MD5: c1dc1ec339ca97050dcfc7acdea1d8c5
  SHA1: e47af3bc3314519b351b2a11063223db1878162d
  SHA256: 30804ee41ef2b8b2c489ac7d2b80f64431741b0ccda4426b188eff2b6e80b44d
  SHA512: e405da71eb21cd53edf77d18f71f3047c75199460485c02cde3c9f6670c909e84238b3db5e44812d0b13e0b41454039f0ebbfdf8a9fa12f4008f9d7e1c391ae2