Analysis

max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/05/2023, 07:15
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://go.techtarget.com/r/266421993/45933072
Resource: win10v2004-20230220-en
General

Target: https://go.techtarget.com/r/266421993/45933072

Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                    Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133274926180973576"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs; identical rows collapsed, count shown)
count  pid   Process
2      4412  chrome.exe
2      5008  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs; identical rows collapsed, count shown)
count  pid   Process
4      4412  chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs; identical rows collapsed, count shown)
count  description                       pid   Process
32     Token: SeShutdownPrivilege        4412  chrome.exe
32     Token: SeCreatePagefilePrivilege  4412  chrome.exe

Suspicious use of FindShellTrayWindow (26 IoCs; identical rows collapsed, count shown)
count  pid   Process
26     4412  chrome.exe

Suspicious use of SendNotifyMessage (24 IoCs; identical rows collapsed, count shown)
count  pid   Process
24     4412  chrome.exe

Suspicious use of WriteProcessMemory (64 IoCs; distinct rows shown)
description                       pid   Process     procid_target
PID 4412 wrote to memory of 2012  4412  chrome.exe  84
PID 4412 wrote to memory of 4080  4412  chrome.exe  86
PID 4412 wrote to memory of 4284  4412  chrome.exe  87
PID 4412 wrote to memory of 4444  4412  chrome.exe  88
Processes

Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://go.techtarget.com/r/266421993/45933072
  PID: 4412
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad1eb9758,0x7ffad1eb9768,0x7ffad1eb9778
    PID: 2012

  Child image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1812,i,18408539969746272449,583398932266404457,131072 /prefetch:2
    PID: 4080

  Child image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1812,i,18408539969746272449,583398932266404457,131072 /prefetch:8
    PID: 4284

  Child image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1812,i,18408539969746272449,583398932266404457,131072 /prefetch:8
    PID: 4444

  Child image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1812,i,18408539969746272449,583398932266404457,131072 /prefetch:1
    PID: 4520

  Child image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1812,i,18408539969746272449,583398932266404457,131072 /prefetch:1
    PID: 4132

  Child image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1812,i,18408539969746272449,583398932266404457,131072 /prefetch:1
    PID: 1196

  Child image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2784 --field-trial-handle=1812,i,18408539969746272449,583398932266404457,131072 /prefetch:1
    PID: 3320

  Child image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1812,i,18408539969746272449,583398932266404457,131072 /prefetch:8
    PID: 1536

  Child image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 --field-trial-handle=1812,i,18408539969746272449,583398932266404457,131072 /prefetch:8
    PID: 1604

  Child image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 --field-trial-handle=1812,i,18408539969746272449,583398932266404457,131072 /prefetch:2
    PID: 5008
    - Suspicious behavior: EnumeratesProcesses

Image: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 760
Network
MITRE ATT&CK Enterprise v6
Downloads

File 1
  Filesize: 1KB
  MD5: 55540a230bdab55187a841cfe1aa1545
  SHA1: 363e4734f757bdeb89868efe94907774a327695e
  SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
  SHA512: c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

File 2
  Path: C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
  Filesize: 230B
  MD5: 3e90f135ebc53c512bf9021928e10990
  SHA1: 39823ccc800420b757b63a12a7a50a62945d0d47
  SHA256: 86b28676eec09f4a9823c2e363735aa1661d113c9e2a5ad643b9293bb261047e
  SHA512: c91b140412b5f1f10ca070c19c9b49917161b27648fa1ac2876943c7b3cba9b729d1177d4a80583e0e0a435bc12b8e9ef42472364595efedb69d700fe45538d7

File 3
  Filesize: 120B
  MD5: 1aac6a8a5d04fbbd0db250070d34552f
  SHA1: abc77af8d7c42d6195e63dc47bb2ed4dc2ebf26b
  SHA256: 00a1e6de5c1c06e0c5628a5fec0e52353c3a896a722dc9a3146d5beb499d9ee7
  SHA512: 78e86870cff2e4bf22c2f6375e2f352628ae0c669948244e224971a16eb70189b67626a9b446cedb0d8b3018f1f20b18ccf7aea7b48efe739950325752098a05

File 4
  Filesize: 528B
  MD5: c512724285c855452e6021abb9078582
  SHA1: f21b49fd1b44c51d9fd8ccb46e30b48e04da5e92
  SHA256: edfcb0e823a92453c5052e8ba29a32bcb925b31e526c233f579d564b8a7c1e07
  SHA512: 460753ade5b0b02cd04c4963efcf31ac94d84e5c43bfc91847b7a1fe26bae1a0a7e7324d63d9d9c04fea2186f4425798dbf406a4321413d229e7c13c173f5894

File 5
  Filesize: 2KB
  MD5: 5c59da3bd89e8bb135a26099b20af4be
  SHA1: 55c3808a0539235fc2a28a3dbd01b1d07e947ef3
  SHA256: dbfb76899584289069704867811247f1a601416d51efbcfdecafa7eb469a4e1a
  SHA512: ec75599729250ab27d643eecb91863324188b6193dc4eda361ba0f150ba919ab9774db88df7c5ff4228d6c74aa2b3c4d1cf937a8c809d4d49cc0bd05bc847e4a

File 6
  Filesize: 1KB
  MD5: c2d4950b98b8a9cd40dcdcd6851c3e2b
  SHA1: 53541b73c38ded967161e30aad839e40711dadbb
  SHA256: 943cd7eefb6fb327f376daf318fb0e751097ba6da30a1a75fd017638b06eaf9c
  SHA512: 27ee53525085ebe473df61daf05887127a7b04e981b4bf9862d02f72fa19ac45fd603876bbcc53dc552b384bf4916211a879934e375fb259eccda00403e2e154

File 7
  Filesize: 4KB
  MD5: 241e0f6ccf7c888578427906fad4cb9c
  SHA1: f5fe0ad778df4d5174568ee73a78ec4e7433bbaf
  SHA256: c85a0efa13cb51920fac58e1dda53ab221c94a5705587f116f8f0e6e05d223e4
  SHA512: 906998a725ddeeced77e37609e64af9217128176454e67c647750d7651caaad27a93c909f557f2d7620712ec2c35b9a366b45f3bb796a0b279db47417fc3db9a

File 8
  Filesize: 4KB
  MD5: 3ade579eacc9a8aea48dc35748497ebd
  SHA1: cb3cf9872c9e0c59c755892a79bb63d9f797c7bb
  SHA256: 75ceb9b6a0d7fc013a21fce5c8ae36c21822a4ae96b7f002e5f5167bbe59038e
  SHA512: 5aa4b28ac93f02f6d80fb46d797ccb27dbf1e046b801d4fe7b11f530a93504ece119c817cc1d710a14367fb67e6bf9a6f39ab89bbbb0c0e17e4b86096018b0fa

File 9
  Filesize: 5KB
  MD5: 2ed78373fc2b4a36ed9aedcf986f4c9b
  SHA1: 830ed5e15f9d29dd75c1fee30ef97d8b4edb608f
  SHA256: 4fdac6b193bb2fdc3d7670cd48456b212ccd117fc1f208c5a3106fc445a73c1e
  SHA512: c0074b4a3abe6b427e0c332fa20c47fd192f52fbecb34303c439f91231a512b0d56e3e8a3223d65b4d3c506d2b7afcabecbcd69112f39328d1fcdf70c7f2e6d0

File 10
  Filesize: 147KB
  MD5: 6953ab4fdb96b033c1965ada81b6decb
  SHA1: befcdd105c577e52d323d8344ebce13ae40168b0
  SHA256: 23dde166655517a3eddbb686327c16fa29967eb5f59c006bbccfaa6fda68601b
  SHA512: 65e3cdb8669b7182c5a55abdd42965aa8b9f49f245eaa901016cc5d45797e3912a14cef816e40443e0f805bcb5318fdbe86294b6d3bf9018aa11f4a7076871a5