cd013ea06693e457f5b6f968a55ae5c9755badd66c74e88ab87a4bfbb3321ecf

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-de
resource tags

arch:x64arch:x86image:win10v2004-20230220-delocale:de-deos:windows10-2004-x64systemwindows
submitted
09/03/2023, 14:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

142KB
MD5

9b6a0dc79c04acbaf327afe80b5a03d6
SHA1

a10c97dccf39898c002075853003b1c31dd7c124
SHA256

cd013ea06693e457f5b6f968a55ae5c9755badd66c74e88ab87a4bfbb3321ecf
SHA512

8696fbe8e2d9fecc8d754d48593f98ea7d1f677a69924bbf8cd8ddff318d980ed573113a139a815297a8a5c0c6438c83bae58eff72896af5a9df2fcc7fb631a8
SSDEEP

3072:OsTPzzitYZZFPIb1lTzAp7H0tLkH8F0ys+ns1Q9y9jzWs9Hv4mXiX:TbzBZZuGLqLkH8FVnsNvWM4yy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133228507552830447"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1576	chrome.exe
1576	chrome.exe
4420	chrome.exe
4420	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1576	chrome.exe
1576	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe
Token: SeShutdownPrivilege	1576	chrome.exe
Token: SeCreatePagefilePrivilege	1576	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 1080	1576	chrome.exe	86
PID 1576 wrote to memory of 1080	1576	chrome.exe	86
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 3068	1576	chrome.exe	87
PID 1576 wrote to memory of 264	1576	chrome.exe	88
PID 1576 wrote to memory of 264	1576	chrome.exe	88
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89
PID 1576 wrote to memory of 4484	1576	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc94e59758,0x7ffc94e59768,0x7ffc94e59778
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1820,i,16147772721257735588,18173749976742859941,131072 /prefetch:2
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,16147772721257735588,18173749976742859941,131072 /prefetch:8
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1304 --field-trial-handle=1820,i,16147772721257735588,18173749976742859941,131072 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1820,i,16147772721257735588,18173749976742859941,131072 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1820,i,16147772721257735588,18173749976742859941,131072 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1820,i,16147772721257735588,18173749976742859941,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1820,i,16147772721257735588,18173749976742859941,131072 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1820,i,16147772721257735588,18173749976742859941,131072 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1820,i,16147772721257735588,18173749976742859941,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2364 --field-trial-handle=1820,i,16147772721257735588,18173749976742859941,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2656

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
12836adc9fe6b85614cabbdcc02e7460

SHA1
82f00a7794a906dd1ce133b8faf48a74fd74e816

SHA256
f95afe8c718fe8df68bddc2ced50e9b91643d70b820f762afc327c119f85ce56

SHA512
d4a495e876589d390bcf4747aa589fd325a3534601840910ea12139dec36985faed8dd5d1ca8921609f66ebdf03619e1de196b3960b33d8664e80cf2e6f6aa52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3a1fb1bab636349c565fa8bf74cbbc96

SHA1
fa5e5fd116fe34bb28d2df70b58755082f764250

SHA256
aa8509f87a18a0b66d39f4b7c22f8ecaf45bfbfbe01d61b7392121d473ca101d

SHA512
d79d9dddafded866e836d9eb3258cf69a88ebe9db73f20a9da61905fdbd8dd02bd235e58769b25d46355411b92c5f1b99633afc538c835a553fe1781ba9dbfe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
87411ab42d880c80743928ea3c0a8cb5

SHA1
2ec8f931134da07090ddab2f0b77dd0593d73533

SHA256
0885602dcf3cc137b1c5a2575251d52193b87b07b9cc99c0003c093b8bb9da53

SHA512
f94ef5a8c764b3947e71fb596f54fb723805f16bedf5dc56c37e9aa3f68f01d746e801a9bfaef3f04fd6ce2dcf651f58953a1d7cc07c47ac513d32d097f114fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
01c738df1c38caef5c657e31304b8795

SHA1
df6cf4c4827d589dd7172ecc88b8db4c3061d4d1

SHA256
b1c7ef601168cc9de6167f48631d8609cfd782e9a38e09bc259dce777b4f4bb5

SHA512
d1c2716b107f9aababebddfaaccf0dfc702a647b0ec52e04d32b1f2655b62b259040146a956f13ec6dffa4bc4b955f2ed4659b8b7fa7329db5e3b4cb7ec4c6b3

Download Submit
memory/3068-137-0x00007FFCB18D0000-0x00007FFCB18D1000-memory.dmp

Filesize
4KB

Download
memory/3752-166-0x00007FFCB1720000-0x00007FFCB1721000-memory.dmp

Filesize
4KB

Download
memory/3752-165-0x00007FFCB3440000-0x00007FFCB3441000-memory.dmp

Filesize
4KB

Download
memory/4420-215-0x0000024488890000-0x0000024488891000-memory.dmp

Filesize
4KB

Download
memory/4420-214-0x0000024488890000-0x0000024488891000-memory.dmp

Filesize
4KB

Download
memory/4420-216-0x0000024488890000-0x0000024488891000-memory.dmp

Filesize
4KB

Download
memory/4420-221-0x0000024488890000-0x0000024488891000-memory.dmp

Filesize
4KB

Download
memory/4420-220-0x0000024488890000-0x0000024488891000-memory.dmp

Filesize
4KB

Download
memory/4420-223-0x0000024488890000-0x0000024488891000-memory.dmp

Filesize
4KB

Download
memory/4420-222-0x0000024488890000-0x0000024488891000-memory.dmp

Filesize
4KB

Download
memory/4420-225-0x0000024488890000-0x0000024488891000-memory.dmp

Filesize
4KB

Download
memory/4420-224-0x0000024488890000-0x0000024488891000-memory.dmp

Filesize
4KB

Download
memory/4420-226-0x0000024488890000-0x0000024488891000-memory.dmp

Filesize
4KB

Download