Analysis
max time kernel: 68s
max time network: 70s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/10/2024, 12:58
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://mandrillapp.com/track/click/31286656/timeflow.it?p=eyJzIjoic0ZCOHNTYWxTck5Ba2NsMTg5LWdqZHdpUFE4IiwidiI6MSwicCI6IntcInVcIjozMTI4NjY1NixcInZcIjoxLFwidXJsXCI6X
Resource: win10v2004-20241007-en
General
Target: https://mandrillapp.com/track/click/31286656/timeflow.it?p=eyJzIjoic0ZCOHNTYWxTck5Ba2NsMTg5LWdqZHdpUFE4IiwidiI6MSwicCI6IntcInVcIjozMTI4NjY1NixcInZcIjoxLFwidXJsXCI6X
Malware Config
Signatures

System Time Discovery (1 TTPs, 1 IoCs)
Adversary may gather the system time and/or time zone settings from a local or remote system.

| pid | Process |
| --- | --- |
| 3140 | chrome.exe |

Enumerates system info in registry (2 TTPs, 3 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe |

Modifies data under HKEY_USERS (2 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133730387543556527" | chrome.exe |

Suspicious behavior: EnumeratesProcesses (2 IoCs)

| pid | Process |
| --- | --- |
| 3140 | chrome.exe |
| 3140 | chrome.exe |

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

| pid | Process |
| --- | --- |
| 3140 | chrome.exe |
| 3140 | chrome.exe |

Suspicious use of AdjustPrivilegeToken (64 IoCs)

| description | pid | Process |
| --- | --- | --- |
| Token: SeShutdownPrivilege | 3140 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 3140 | chrome.exe |

The 64 entries alternate between these two rows, all for pid 3140 chrome.exe.

Suspicious use of FindShellTrayWindow (26 IoCs)

| pid | Process |
| --- | --- |
| 3140 | chrome.exe |

All 26 entries are this row.

Suspicious use of SendNotifyMessage (24 IoCs)

| pid | Process |
| --- | --- |
| 3140 | chrome.exe |

All 24 entries are this row.

Suspicious use of WriteProcessMemory (64 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 3140 wrote to memory of 2216 | 3140 | chrome.exe | 83 |
| PID 3140 wrote to memory of 2432 | 3140 | chrome.exe | 84 |
| PID 3140 wrote to memory of 4144 | 3140 | chrome.exe | 85 |
| PID 3140 wrote to memory of 3428 | 3140 | chrome.exe | 86 |

The 64 entries are repetitions of these four rows (the same parent writing into the same four child processes).
Processes

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3140)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mandrillapp.com/track/click/31286656/timeflow.it?p=eyJzIjoic0ZCOHNTYWxTck5Ba2NsMTg5LWdqZHdpUFE4IiwidiI6MSwicCI6IntcInVcIjozMTI4NjY1NixcInZcIjoxLFwidXJsXCI6X
  Signatures:
  - System Time Discovery
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2216)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd4f96cc40,0x7ffd4f96cc4c,0x7ffd4f96cc58
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2432)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2064,i,12023887579690266668,17369433248120236578,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2060 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4144)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,12023887579690266668,17369433248120236578,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3428)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,12023887579690266668,17369433248120236578,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2272 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1416)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,12023887579690266668,17369433248120236578,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 836)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,12023887579690266668,17369433248120236578,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1260)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4344,i,12023887579690266668,17369433248120236578,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:8
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 4308)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- C:\Windows\system32\svchost.exe (PID 664)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads