Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/11/2024, 22:24
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://ulvr1dztf6.acoriritto.shop/?email=YnJlbmRhLnJhcGFkYUBmcmVzbm8uZ292
Resource: win10v2004-20241007-en
General
- Target: https://ulvr1dztf6.acoriritto.shop/?email=YnJlbmRhLnJhcGFkYUBmcmVzbm8uZ292
Malware Config
Signatures
- Detected microsoft outlook phishing page
- A potential corporate email address has been identified in the URL: [email protected]
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765286809150019" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid | Process | entries
  4000 | chrome.exe | 2
  3460 | chrome.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid | Process | entries
  4000 | chrome.exe | 3
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process | entries
  Token: SeShutdownPrivilege | 4000 | chrome.exe | 32
  Token: SeCreatePagefilePrivilege | 4000 | chrome.exe | 32
  (the two tokens alternate throughout the 64 entries)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process | entries
  4000 | chrome.exe | 26
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | entries
  4000 | chrome.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4000 wrote to memory of 1616 | 4000 | chrome.exe | 83 (2 entries)
  PID 4000 wrote to memory of 4828 | 4000 | chrome.exe | 84 (repeated)
  PID 4000 wrote to memory of 4164 | 4000 | chrome.exe | 85 (2 entries)
  PID 4000 wrote to memory of 3652 | 4000 | chrome.exe | 86 (repeated)
  (64 entries in total; the repeated rows are the remaining writes to 4828 and 3652)
Processes
Process tree (indentation shows tree depth):

- chrome.exe, PID 4000
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ulvr1dztf6.acoriritto.shop/?email=YnJlbmRhLnJhcGFkYUBmcmVzbm8uZ292
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  - chrome.exe, PID 1616
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa3031cc40,0x7ffa3031cc4c,0x7ffa3031cc58

  - chrome.exe, PID 4828
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,2745785245850564042,4854174743780534590,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:2

  - chrome.exe, PID 4164
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1756,i,2745785245850564042,4854174743780534590,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3

  - chrome.exe, PID 3652
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,2745785245850564042,4854174743780534590,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2420 /prefetch:8

  - chrome.exe, PID 1996
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,2745785245850564042,4854174743780534590,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1

  - chrome.exe, PID 5008
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,2745785245850564042,4854174743780534590,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1

  - chrome.exe, PID 4784
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4584,i,2745785245850564042,4854174743780534590,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:8

  - chrome.exe, PID 3036
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4408,i,2745785245850564042,4854174743780534590,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:1

  - chrome.exe, PID 3460
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1056,i,2745785245850564042,4854174743780534590,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=724 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- elevation_service.exe, PID 1864
  Image: C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

- svchost.exe, PID 3816
  Image: C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 649B
  MD5: 9c7ba3fb6bd04ef328a6b28c590e609d
  SHA1: 60eb22f657fa7c9e89fc8f6542492ef6b33c4ad6
  SHA256: 9b364adc124b5b49a7c46550427a4050bacbd19d2150361e3afe437d9fd007cb
  SHA512: 9ed224b98e6f1a3198e885693881971bf95e8be363818b25cb92d9293a6f78615c8607a6d79a926f8b3e8d4781242bb2332438a1b8d5bc78f0e3ff72d68e141a
- Filesize: 144B
  MD5: aec784cc6dcee3e47a36817164ca4c11
  SHA1: 319f2ccd570bc96bf61389e527ddfefca711c411
  SHA256: 63941517526785fef3cdc18ea9cd9f85ea79d96315d6aa0abdbbd86fc38a78f7
  SHA512: 51cbc01a11fd092dcb4f63438d6ad650f517c81c0b4f8346f60e49c5d90bb21d03d8bf2e8e43a2931e64afea86a99b93d32349f3fee3de98d65fc0b0e0c54572
- Filesize: 2KB
  MD5: e1eee8358a3f7a3709f220ef41fcf4c7
  SHA1: 1a2ed8c0e48cf3f18b22f5401ff7c96c7d399d27
  SHA256: ea8002454276ebfc671bc4b41d43bf3c05c9cd928bb4f87efb197d2e7a3b04c8
  SHA512: 5cc6fdc566b40243ee11fcaead03ded00af4ff42f937f55bb9f7c1b1bc9bc7695bbbff8126cd5354330bac2aef35bebdf06afd81cae210413ca8b84fa54936dc
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 9KB
  MD5: 8dcc0b2a84c35dd7434a817c2a42e0f3
  SHA1: ce824bb61ae610a2fdf28bfab840646eec1d36c2
  SHA256: 2b1aefa9644acb3dea3ac84b0ee9b1d7285cb6fe351c18b19cf63413733090e0
  SHA512: cb920ea075e35dd0cffb58b584bbf0d08e950fa2de2c4a9f9d5a1cab834ed9533414c18ba7c425fd63c20564a537b5f95754390f951f7bb073caa04ee03688f8
- Filesize: 12KB
  MD5: 6a39dfe3191a388f102d0f2166d92401
  SHA1: fe2570f4168fa154b43f1100ac44fc20c7f6f51d
  SHA256: f0ab5e9f421298e7d98902773c606cdb9e06df0ce6d6fa35dfcf9910254ed3b9
  SHA512: 767cc90bd745264395783e75e5298061bbf080c392890636b060b5e7f0c735c5fb27069335ef26a96cf860967dd6a1d031f145012e1c3adca062b4dc495dadfe
- Filesize: 12KB
  MD5: c201fc17957e727891934717699dbc99
  SHA1: a48c0e42df278d10826b4cb5ad49742022b115a8
  SHA256: f68321eef10d92a02e7190e08af9d412b627b1ed8203c724e3771c4b768152f6
  SHA512: a3c597c83b574c730b63f7dfe5975311cfd22a0b919a1a52e191230b41f3d73ad3c74d0acb442efd9981483c1aaeac3421554444ad0e2deaebe4ed15a9f045f9
- Filesize: 12KB
  MD5: 0b995af29370ab7edc12e69087ea9f79
  SHA1: 326e52a20bf73a482b79c28b58b9b823737b2399
  SHA256: c749755567ac5090d14334008aff4ff1964eba596217d52a028b004a4aede292
  SHA512: 3985248cf2a9bd787d1a7f783e211daa6ad00355690813fd596ac4998a94ba8a81cb426ffac9833c69e48e569691bd884141a5800a3b4f6e6ef419b44deda749
- Filesize: 116KB
  MD5: a1fd35d0eef50d1741f5a08b14e18155
  SHA1: 54e0c11803e09e7c0fea972feeb1fed65dda6ee4
  SHA256: 423f843b517feebc1c64243b28d66dc838c86f15cfe449fd42b130737a853194
  SHA512: 37c4539593a9abf645c65a7716e217571563d7369af4742adcfc4cbbd9489ee91036de3b5ea7c176df25ff4e74bdc5b7e3b39c4c0e826b6e738d3cd1c0c997b9
- Filesize: 116KB
  MD5: 18dd33e79c6e183af70e3ead188d3015
  SHA1: 81b0b3f4732860bd733b73d9bda33dff179202d7
  SHA256: 5cdca4e7d2363b33a7779e308c12d0257c9d8245c894f593274672920965da70
  SHA512: bbbbcf03ded45fb976062c3b49b48c4a091794cdac321c6427483b18591ccfb6886c55b38dd4368b37388bf406ce12c7ae8c435a59c44dab60c9cc97b40c323b