b31a263ca323b147804980ea20d1b0838414b08bcfdc28f8f934a9322634d40e

Analysis

max time kernel
96s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02/04/2023, 21:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NVidiaProfileInspectorDmW/NVidiaProfileInspectorDmW.exe
Size

1.1MB
MD5

579067aa83eee52e3e3cb06efb80f6b6
SHA1

c500e583305860076ada4a0dbbd52ba372782f7f
SHA256

c8a5184013e8e76abfcedac550e5d1b2283cb4b86a9cc3a43bb50e2dd9bae6bb
SHA512

98bf5c69fda21b13a42ba8ea59d37a98b07c5c2000820e97abbeccf42fe36376fe02fab3a38f5dc7ef21397ecf34922a79a5c7978b9c1b84761f3e60f8431804
SSDEEP

6144:26lGUh25W4gqmiOt/YBd9NfDb1xBcIIzd9NfDb1xBcII4d9NfDb1xBcIItV0TgfY:26l85mdim/Y/DmP5DmPADmPIgfFDcp

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
364	264	WerFault.exe	82

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133249525127818142"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4284	chrome.exe
4284	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 4496	4284	chrome.exe	99
PID 4284 wrote to memory of 4496	4284	chrome.exe	99
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 2788	4284	chrome.exe	100
PID 4284 wrote to memory of 3860	4284	chrome.exe	101
PID 4284 wrote to memory of 3860	4284	chrome.exe	101
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102
PID 4284 wrote to memory of 2808	4284	chrome.exe	102

C:\Users\Admin\AppData\Local\Temp\NVidiaProfileInspectorDmW\NVidiaProfileInspectorDmW.exe
"C:\Users\Admin\AppData\Local\Temp\NVidiaProfileInspectorDmW\NVidiaProfileInspectorDmW.exe"
1⤵
PID:264
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 264 -s 948
  2⤵
  - Program crash
  PID:364

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 460 -p 264 -ip 264
1⤵
PID:1648

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeaccc9758,0x7ffeaccc9768,0x7ffeaccc9778
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1800,i,7039956992709019786,15388809150322265285,131072 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1800,i,7039956992709019786,15388809150322265285,131072 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1800,i,7039956992709019786,15388809150322265285,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1800,i,7039956992709019786,15388809150322265285,131072 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1800,i,7039956992709019786,15388809150322265285,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4472 --field-trial-handle=1800,i,7039956992709019786,15388809150322265285,131072 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1800,i,7039956992709019786,15388809150322265285,131072 /prefetch:8
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1800,i,7039956992709019786,15388809150322265285,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1800,i,7039956992709019786,15388809150322265285,131072 /prefetch:8
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1800,i,7039956992709019786,15388809150322265285,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5040 --field-trial-handle=1800,i,7039956992709019786,15388809150322265285,131072 /prefetch:1
  2⤵
  PID:440

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5080

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1610b52f25b9305436013c4e04cfd3a8

SHA1
0e72246003d22198d2113600d6c024845f1698ee

SHA256
6724fdbd0e72cf6a1fee21914a679c66317de6b0f1203da7442e8b4cc96698ae

SHA512
c3c339452d4beff5a398a1faa43b93f60bedf2ba1f1fbd571d6100348ec0d17423493848b948252a3b8bb8c07a7de9d38d5501463b3a561923d574aa10e8c71e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
535B

MD5
dc25c31983eb96fbed07d0ba2a250568

SHA1
5de689347fc6903339800d3a0cb2fb41e6253b85

SHA256
ea386cd0c3934cecc57822681c9c5ddefbdfdc83c2c1a7f534961b6665fc6949

SHA512
22b89446347a4b4e08d44654d0b2fba838b78d91973c2891b7e69ab6a4761a483b432635edf7cefa4a38b9be74d6452ab5bf055f6cb825e3cec9942fa187de2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
12eb04ac831a4f7e330da10bfd7aac15

SHA1
6372c5612ae75b0c2c5257b7834331680f0b5072

SHA256
23b3184696c7c8bb29bdfeedf8e88636098a86adba13d7f163dd39826765e94e

SHA512
ae9aa134a00625c56518e5165ce3b8a3a921872339eca81cb4078ae4c72bd64087f105d097faa875bfb5d3792db493cc3598b4895c25fb260c771244e7d059f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
1507c7585c7335fb1d1a4b2915091291

SHA1
e3dbe617ade9e37ed10486a36db41f4e4a4ee211

SHA256
a642f2346a951f5135425fb4b705c752ed68dc84ca1bce6cbec2b446e249a8eb

SHA512
0c4d9bfc7653d9a7c51c95d570dd376c631ea5a61c5fe98f73077e8912e695bad5d2bd50ebfef95d14bc725b49af4cb4e22d3e3feec826a85c149159f463bd63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
0b8d17f7fb7377a8d1a8d9709d8a2540

SHA1
dcae13e8eefac69a79f15982a6e7bdba206c4ea6

SHA256
201dc708f108870e7ebf69d1c549c4cfef21ba5358f32a04c49934d4139e237b

SHA512
be10249f4161b993218243695232ad998137ae3ac20c41f03ce62399174a7388be58261eb7542825531ed74a4679291563942d0bb9554f3cee96ab364ec0e6ef

Download Submit
memory/264-133-0x00000000000F0000-0x0000000000206000-memory.dmp

Filesize
1.1MB

Download
memory/264-134-0x000000001C310000-0x000000001C320000-memory.dmp

Filesize
64KB

Download