7dce178d1ce382c59a3d906ed85d7f0701492d4225fde0180b0ef13c7cf4b7df

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12/04/2023, 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

▷ lıllılı.ıllı.ılılıı.ılılıı.html
Size

475KB
MD5

39cb3d8ecb400575e9a663a549a95d5c
SHA1

359f86653c2c55642015a0ada86b3881185a6695
SHA256

7dce178d1ce382c59a3d906ed85d7f0701492d4225fde0180b0ef13c7cf4b7df
SHA512

687dfb66f2630dac60f561b9f824943b500e32b4d09c81ac9ff1ecccc22e783981f6208e3b5384ce5a2106e1c92f0cac2d99ddccba48dfb63d0eb2b0fa2c8d67
SSDEEP

3072:mZrvOZHZIc3J01nP1GqvlnS6lVS29JZzsvWUQ/N:mZrvyHZIcC1nP1GqvlnS6lVS25svQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133257522709974654"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
3652	chrome.exe
3652	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 956	4460	chrome.exe	83
PID 4460 wrote to memory of 956	4460	chrome.exe	83
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 1520	4460	chrome.exe	84
PID 4460 wrote to memory of 2392	4460	chrome.exe	85
PID 4460 wrote to memory of 2392	4460	chrome.exe	85
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86
PID 4460 wrote to memory of 4336	4460	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "C:\Users\Admin\AppData\Local\Temp\▷ lıllılı.ıllı.ılılıı.ılılıı.html"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe1d89758,0x7fffe1d89768,0x7fffe1d89778
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1788,i,11416245118017503210,7382230968691791718,131072 /prefetch:2
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1788,i,11416245118017503210,7382230968691791718,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1788,i,11416245118017503210,7382230968691791718,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1788,i,11416245118017503210,7382230968691791718,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1788,i,11416245118017503210,7382230968691791718,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1788,i,11416245118017503210,7382230968691791718,131072 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1788,i,11416245118017503210,7382230968691791718,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1788,i,11416245118017503210,7382230968691791718,131072 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 --field-trial-handle=1788,i,11416245118017503210,7382230968691791718,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3652

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3744

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
de27b2335376aea4112080780bec0ae6

SHA1
af6eefb84e0676c580757a511e40d56d89dbc84e

SHA256
a4fd7fff277b1bd19749085ab8dc3bc4becf9a2704348e59af0d6b717419d3f5

SHA512
2c89e7d7edcadcb459c4b256fe2ad52cc14b03063d6dd1a0228ec5b4a5cc59319bae0307a03188957de1d0a5c919501144020f0f5afb076b717a25b54602cb52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
b0bf3df3a96e7a3bdbd03c9dbdbb7ef5

SHA1
f582b3eb374c9262ad9445a1af9546692fe38022

SHA256
53909795d93468cec42ae228487e9aaa18faa547b4d57f9a0351ffc7356d401e

SHA512
224ad15874545a3f0128446a98785c87681c25f5b8fa3265070e42723a03984389e26d9e30c8f8a777ca9852feeda336981973b1edbdfc86620e82615cce6c45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d49866ba10d820e0fb832b872436ecc

SHA1
5ed5ddf6fe8eb4c04ed78376bb38bcf308e06e9a

SHA256
c4d0c0ff56ea1f0eb545f52ec858915ad0169496d4bbaecc0fc53b4a47b87e45

SHA512
f04df4cb4b71c7eb63d1fb04e666110044f564c3141e4301e4a3406174d5db03a4c9031f446f3e252d2fc17a49397214fef128e3deacda12554bb95d20a47542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0cf87df61c8f68deadbd56362009ee92

SHA1
26bcfb853e7b8f7f8e9e395f28e0e957586f3060

SHA256
ed9106ff2376c98396a5950ebddb6e7fee02dbf4655976e67e7118124f9cd08f

SHA512
ce6a5415670d96ff09f74590025ae66d67b3bb081a93c78ac48635ff150a31cde115c55a51919c44fd20b11af8c5c2bf4d029214fa41077d34107f576097be31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3a08369a04c1ccae6a8f3e5f6414d547

SHA1
7711c23bf180a8c7eabf9fc0e92c93fe2c006754

SHA256
4cceebc8f2c98703658403f6ea5a05538b5937f659f971ba8db40a564d34b0d4

SHA512
20f59bb305832d7467b306abb10538621c33c4b3cb0ef69bffc1d8ab30afd922d67a7884ec1289c2eb85f612057869c1650ae1dd02c599c77c8e6ed900d827fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
37e7a89f34d37b95c1dd8528f11ad73a

SHA1
b1a2cf9df275eb9192a09091f5dd546979f4a09f

SHA256
b16c136e55f21dd23a522184868098c449b428f9ced2cdb4674ddc5ff36c80a7

SHA512
e9702db97f6816097b84df48f22985a6f5b16a99b0e6be63743de71a59b82713c129a9577b17f536e8445234c36af3b345e41ba520aaa4152c5036f84e32adca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit