hxxp://google[.]com

Analysis

max time kernel
1928s
max time network
1931s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2023 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4540	chrome.exe
4540	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 1492	4540	chrome.exe	83
PID 4540 wrote to memory of 1492	4540	chrome.exe	83
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2016	4540	chrome.exe	86
PID 4540 wrote to memory of 2136	4540	chrome.exe	87
PID 4540 wrote to memory of 2136	4540	chrome.exe	87
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88
PID 4540 wrote to memory of 1588	4540	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://google.com
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd8479758,0x7ffcd8479768,0x7ffcd8479778
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1760,i,5438069986225054580,8200011929364148974,131072 /prefetch:2
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1760,i,5438069986225054580,8200011929364148974,131072 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1760,i,5438069986225054580,8200011929364148974,131072 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1760,i,5438069986225054580,8200011929364148974,131072 /prefetch:1
  2⤵
  PID:100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1760,i,5438069986225054580,8200011929364148974,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1760,i,5438069986225054580,8200011929364148974,131072 /prefetch:1
  2⤵
  PID:2532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3408

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:244

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
52e0eebb1480e03d079a980eacd44531

SHA1
0ea5034fb84e2ad565604d3c5f6bc28fbff1b994

SHA256
22567d0fff28d59e33b2e4c3e70955172e63d79e4c2b58c3df5ccf60f0d98300

SHA512
6a4eee9e86b3347020650d143c769d8be5e2e3012f095568f642c883b89ea0aeee6df053960d4a371404f58a6e90d444bad59fb6dfb87c0a10a521b41fdb8b12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
569871e7a4e9c6706128c6fe7a8402ca

SHA1
8ead4eef88215cd2d4216aef184d5335d5bc3a31

SHA256
0b6a1ee99af0e10ef7e31db7eca8d21e06ff633db7e79908157175c7ed816367

SHA512
1944d1849cba850ad0577a612c168718df4d83b24194e4317977a6a211d1ef0b618be130aee457077758f508af8b8d5d11a9240c303c92b1b0dfdab742eb0780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
5272f77984d40524b25fd5bab87065e5

SHA1
d597cd228dc40b4b2b748a30e12b637f3b295cb9

SHA256
84f5c5e13bf7233fee0039bbf8c16c5b2de9da005be88c7794dde1e6b607f074

SHA512
0fc7cbd2433565ccabc90375fb8ba42eb6c0db9355f5a2020376aaf53a656f43995678c1a374b291ef49e88431ebb87367898b9990ef4d63ae7079084f29c237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8c1590502e53628578da59161cf1ad08

SHA1
87db440588d5ef53cd514160437f82549e5320bf

SHA256
e01be3164348854ff5e5014b7d9fc1e4f9cc0f796cf62c05e1d5ef1ab0cb8e5b

SHA512
7628c5078fde995ff12ecc588373e8ea6d39a175e3291ef9f170764164ffb114b491be537beb1bfe5cada0091497aa003ff9f6ba40af46ea9573df1cf9f01300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b14a12a015c8f36f5f192c129636136d

SHA1
2bde3886daed5b6912250ee1c1dcac3de793c43b

SHA256
ab7f55a6e55318a3e9dce045a73d51fe67009fbec40396665660c46cba7a49a8

SHA512
04af9d59fe4affde5837720eddc56eed8fd70f64c3e148961be9a2f498739f5f256769b6c51e6a8f3761d09411584c5101f14fae05d2015a332e0f7a585bcac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
9f3f9e3bb5ffa3191e3a97e0cd95ac1e

SHA1
08ade32306fc3fb993b5e04c67cd4fc5aa9c304d

SHA256
32b15f3731bd6d6ffd4279e82201960dda64b9bc4abd2946b35e95cc60ad3b3a

SHA512
bfb1f918496736bdaeb6a95a408599139c9fdf3e78874d9cf0600a3475aa2eeb447f1c9545a58e3a97461f208b3f2cbb39f6345075ab3afe488af3c1dda3256e

Download Submit