82306687a56d90b011838f0038eed28634f6208efbfe62c8ba25e76ff6a4f0f6

Resubmissions

01/05/2023, 21:09

230501-zzyrlsae81 6

01/05/2023, 21:08

230501-zyzyaaae8x 1

Analysis

max time kernel
167s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2023, 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

msm-tll.html
Size

77KB
MD5

514a25dea0489eb779532a14501decc3
SHA1

5582ad04a440d1edd7639107d81eb60b1074f1f4
SHA256

82306687a56d90b011838f0038eed28634f6208efbfe62c8ba25e76ff6a4f0f6
SHA512

d10412918c8d38211657c904d836b73c587bb43210061e00711d1f205e6865c9a97adb1c77a08628a34ab8f24b624241b9984fe57c451c0d682d56e892590096
SSDEEP

1536:ogrS1qAkoHRwfiih0cNa98YY+o84E89unIociK14ASi+k3:hVjaih0cW8wo+8cIkK18iR

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133274563715864719"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 4920	2624	chrome.exe	81
PID 2624 wrote to memory of 4920	2624	chrome.exe	81
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1764	2624	chrome.exe	90
PID 2624 wrote to memory of 1000	2624	chrome.exe	91
PID 2624 wrote to memory of 1000	2624	chrome.exe	91
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92
PID 2624 wrote to memory of 3492	2624	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\msm-tll.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8be889758,0x7ff8be889768,0x7ff8be889778
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1800,i,13495492472917542865,12251308986972437184,131072 /prefetch:2
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1800,i,13495492472917542865,12251308986972437184,131072 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1800,i,13495492472917542865,12251308986972437184,131072 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1800,i,13495492472917542865,12251308986972437184,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1800,i,13495492472917542865,12251308986972437184,131072 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3636 --field-trial-handle=1800,i,13495492472917542865,12251308986972437184,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1800,i,13495492472917542865,12251308986972437184,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1800,i,13495492472917542865,12251308986972437184,131072 /prefetch:8
  2⤵
  PID:2280

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2420

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
6402e6ca07864836c73f49d6b3d0fb62

SHA1
b1e57031444a6d69b6c124b9c39188b294c0f7ee

SHA256
4afc233ad85099c18ec20f0d7023ad9e213341971c770c435771633e05188cac

SHA512
5f1cfdf071a3067ab9ae6ecf4885329f211a05815247c092eaa930928e056294c14dc4681e3ba9e6f5bb64ff6033d1df63cf59c1702838c875db2a5d2d23a917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
0eb554b88fbedb2ccdf644b8abfbce74

SHA1
9620b9459fafbc1a45c90ac3997d49c4bdbcc05a

SHA256
6ef486937703f8067fc6670c2c5ed8299213fddcabba36b9e10ced7e537c9a62

SHA512
5507c42e25f77483a96c08d8be7d4b59aaca7dbf258781c46a8d8b72b36d0a2039dab78abaac6b33f6898b886d638276a3c86c0086ec2f6c992bd1236bdb72fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
bfd69d5d10bf95c559001226647da293

SHA1
2c8a892e22166981aba95ef4c89d3f85a12741d2

SHA256
772db035ba05513a2c4272597f97aab94c56e268fccad58ee2923b606f42b61e

SHA512
7dcf97191bd41d41f0c7923b9101b4732d92237b1e1db3b5d915b200a3986f1ef5c1be78ebca305a447ce22742b1ef84fbcf398f95f4621abd2758cc9476b8fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
14493344545ea39bedfed776d08a2134

SHA1
a832774e5517738b89a190da92f68aed999029ce

SHA256
5cb0c2f99d8cee30115e453bfd0716a01b733a12430b888ad265b25834040a25

SHA512
6d94c5b47cc60e4eddf746eaf2d2f81617b99ce4e60b24e4e5ce4ba9d166ad84547d9cad085e084bfeb0057cdd9d60c38d19b3568a707d20ccc2065c46512481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
7e091e37125990f147d3fcc6de1bc92c

SHA1
9db73999b57465e1857360ef7a12f8cce16029b1

SHA256
ac1221b4f81e864482ef10827c9ba46b5aed2185f0f768198c7f4134fec9d0e2

SHA512
23ee8ff6f487bb33545d85fe06625e551fd4f10304958022e3a33677af2812a7959e8857f9555a1be7283cf75abd3eb6e1aaa046fdb8cff98b284fb90c85c99c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
114b75b5428fd9c84e9f9425a816b6e7

SHA1
82f32d0346fdd9b0dfcadfc81ac585495faaad87

SHA256
f18fed7280941dea222e93812ef3dfdb967fbe1f15681ba78a6beb5b712c7b77

SHA512
69e617b2d8069377246c5304ace049f3a446937fb6f9408b3f5c2f4decf8e47c078f473cbb3981b56dd55511e057e188e61cb851252755db15d921865d994467

Download Submit