9278d16ed2fdcd5dc651615b0b8adc6b55fb667a9d106a9891b861d4561d9a24

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2023 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

163B
MD5

f1fb042c62910c34be16ad91cbbd71fa
SHA1

5bc7aceba9a8704ef4b1d427d7d08b140afcd866
SHA256

9278d16ed2fdcd5dc651615b0b8adc6b55fb667a9d106a9891b861d4561d9a24
SHA512

d4b2f435a14e915ec8c36364ef6be6dd810883b5c9c8e337573a114d36257186fae92ead623ac5ef7812b0ff2cc4973842e994f2f7fcd510d3c5a9c5c33a369b

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133263254078630499"	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
324	chrome.exe
324	chrome.exe
324	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
324	chrome.exe
324	chrome.exe
324	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe
Token: SeShutdownPrivilege	324	chrome.exe
Token: SeCreatePagefilePrivilege	324	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe
324	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 324 wrote to memory of 1372	324	chrome.exe	82
PID 324 wrote to memory of 1372	324	chrome.exe	82
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1544	324	chrome.exe	83
PID 324 wrote to memory of 1500	324	chrome.exe	84
PID 324 wrote to memory of 1500	324	chrome.exe	84
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85
PID 324 wrote to memory of 3988	324	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d90d9758,0x7ff9d90d9768,0x7ff9d90d9778
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1808,i,6737762454307712644,4401215741936544269,131072 /prefetch:2
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1808,i,6737762454307712644,4401215741936544269,131072 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1808,i,6737762454307712644,4401215741936544269,131072 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1808,i,6737762454307712644,4401215741936544269,131072 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1808,i,6737762454307712644,4401215741936544269,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1808,i,6737762454307712644,4401215741936544269,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1808,i,6737762454307712644,4401215741936544269,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1808,i,6737762454307712644,4401215741936544269,131072 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4512 --field-trial-handle=1808,i,6737762454307712644,4401215741936544269,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4456

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1248

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
18702a32b031640b5116c59d5ae41ee0

SHA1
a58fc881ea758e601bc08e7f3fbc6eaf98f02255

SHA256
f4cbb910d4200c96e009b19f1bd5c09e4d5d78ce1960a9facfd2dc3fa6efa45f

SHA512
3230387dad8fc6cdf5bf0f4b1d1161a772fdb807a625de08091b44f1fde21ab102f39bdd2fc2b679ec06392447a97cc9b31c208fb248ad479e32f6e373030711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
212233ffce832b84c78ef21552a8636a

SHA1
2049945147f0b21343e9bc45035f845a9cba07af

SHA256
17be624b51c8ff23f2f273887a42ed5a3b5ad7fe5e146065380b588b8021e33e

SHA512
6949b02f7c6a35cba7ae632df1ffc4372b588b67aa48592875b0158b1c97b0d115f28c67dbd300ffed5841a0055201f7954e11189b0a3664f98e8089903c550e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7e7ae826494d8b6d1dcd2c0683fae0be

SHA1
48cf0cbd8f7759d81047b8be579cb8939ac7259b

SHA256
8234830db6dd2f08a2d9fbdff52b7df8f67ddb6a01386455cf28ac42e13d2179

SHA512
09c681a2d6f439e440ed16f7bcaf07c7aeda30ce78ca17385a4d1fc1b01f191c1626a7b2543f03947476a2d7844fc4fdbf24f3010582dc9c44899012e12da847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
8032191a3d7eed8b0d9cdb837e124988

SHA1
6c6246cf2b6610e4404848d5bf22174f8e8b5572

SHA256
825c64da8f118d5a649561b4193b6960033110a3459651438ab42d8ab8fcc5cb

SHA512
b468a869a700bb7a241fee20ff861b7607001a42fec1f59dc405d80c9aa0ac8103abbb42f601c3c2783fe5f52f6c4f1af3df7a2d485534c885cc4a54b6cf7cd6

Download Submit