832654398d6aaecf7213b9b15c7c527054dd8d2a4ff14d368a657a5a1c53b2c3

Analysis

max time kernel
65s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2023 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gui/Dashboard.html
Size

36KB
MD5

d48d1f160ff80990e5fc123886590158
SHA1

c3adff2a63b24b1219f31e75aea955cf401fa9f5
SHA256

eb071635072b9f1ccf127d954ea2678767441e77e5c4554fe6e7d22af1178962
SHA512

9bd258fd4c0b89fad2524a1c87ee267fab22692902f6d07014787aa09d09975b793aec93264b4af7d86c40d1d90e847f89b0aac3ba10f0c9b7f8931d56769528
SSDEEP

384:ozjQc7AkpXtr4MspwJoEE7rASHQoYXR3VAUl4AglgAAOT1LM:ozjQc7h74JCSH+3pe1Tq

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133267718107007018"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2784 chrome.exe
2784 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

2784 chrome.exe
2784 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2784 wrote to memory of 4920	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 4920	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 1744	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3264	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3264	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe
PID 2784 wrote to memory of 3704	2784	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\gui\Dashboard.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8be889758,0x7ff8be889768,0x7ff8be889778
2⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1876,i,12228703742523815241,15100459522983349087,131072 /prefetch:2
2⤵
PID:1744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1876,i,12228703742523815241,15100459522983349087,131072 /prefetch:8
2⤵
PID:3264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1876,i,12228703742523815241,15100459522983349087,131072 /prefetch:8
2⤵
PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1876,i,12228703742523815241,15100459522983349087,131072 /prefetch:1
2⤵
PID:2380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1876,i,12228703742523815241,15100459522983349087,131072 /prefetch:1
2⤵
PID:4496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1876,i,12228703742523815241,15100459522983349087,131072 /prefetch:8
2⤵
PID:4080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1876,i,12228703742523815241,15100459522983349087,131072 /prefetch:8
2⤵
PID:1460

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:484

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
706B

MD5
4f30602520b0dd1179d9532a14bf0bff

SHA1
1812d1d1e8edb46f1fe3e6cf42f9fe2d322e2840

SHA256
ebf3a52c08756250ed1b4ad7d81c26add908512418dc36c9b785ee70bf9624e5

SHA512
09755e0f75c09c36a55b1472ae41b6f3357684a5f65b4f0e17e361e10984fb982baf9b0c7a665d02572bcc0428f1d46d73a5dac8308b8b2803a9b71d549ffbf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
2b98c9ae7456fd45413d432dba4b57a4

SHA1
d1f75454683a8229fc827673961cec4f26cee6ff

SHA256
99b2248a4eb907a041505c9f4be823d9979c7688c2327271107430094d4d5b11

SHA512
f243f6be5d84104bdbd29c9f86b3c9c032c05aaf7f5093b91adbbbd0418bd15aea2b17bc5f8fc61d1f44c10fff91a5a5f731dabf58d7083bf1803eb454365dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
c10eddc58dd80a511fe0d6aae5397994

SHA1
487f3abaca77b823dd88901e0d59810a260d0b72

SHA256
fe13f75dbf98f981ebef338bb93ce7c6b44685a1d45e3c10692ae85278f6657c

SHA512
7f7cc8fd9b65ef7a727dc059cf1124458be3891ff861e66a052c086528b3255ca66615b200b3a6736eda6dabb1ca7ca6bd7c310044a05dae21badad5b665053c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
200KB

MD5
0f3581ad85eeddca444f87107755238b

SHA1
f3b2c511b3b8f6812dbe02a2dc0b43850e996df4

SHA256
cf7655d157fcf8a5f7fd882d2fd6aae7803d4f09c580200fca0679dbe5d024a7

SHA512
fe31a162460a35747d57ff1b4be06032050c2c2293138adcd310de6bf7b45d6975059094787d0bdd36d28efb7cb7486d544cbc00a7e4970a26a47f7ee08e5900

Download Submit
\??\pipe\crashpad_2784_FNXPTXXXPFDGOOAF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit