hxxp://google[.]com

Analysis

max time kernel
1801s
max time network
1697s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2023, 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133275936931540889"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3600	chrome.exe
3600	chrome.exe
3640	chrome.exe
3640	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3600 wrote to memory of 1372	3600	chrome.exe	81
PID 3600 wrote to memory of 1372	3600	chrome.exe	81
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3076	3600	chrome.exe	82
PID 3600 wrote to memory of 3068	3600	chrome.exe	83
PID 3600 wrote to memory of 3068	3600	chrome.exe	83
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84
PID 3600 wrote to memory of 2044	3600	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff9d96e9758,0x7ff9d96e9768,0x7ff9d96e9778
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1704,i,9043784487753098742,17619127941181445177,131072 /prefetch:2
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1704,i,9043784487753098742,17619127941181445177,131072 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1704,i,9043784487753098742,17619127941181445177,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1704,i,9043784487753098742,17619127941181445177,131072 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1704,i,9043784487753098742,17619127941181445177,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4504 --field-trial-handle=1704,i,9043784487753098742,17619127941181445177,131072 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1704,i,9043784487753098742,17619127941181445177,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 --field-trial-handle=1704,i,9043784487753098742,17619127941181445177,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4672 --field-trial-handle=1704,i,9043784487753098742,17619127941181445177,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4876

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
056c9a2478e18db5890d8a198c6c99ce

SHA1
42ac253a99cb0a93e0e7a643e019fd28020bd716

SHA256
8ccdbb6b459234e3df47e9ed82023db78a73115ad582d502fc1751717a6a21f8

SHA512
6ce713d91c4ca9533800337119156e9bf8e2d0d9f48f83f60cc976a04ab535976eb1e070dc8ab6875adc1c235667752e10bc2a2fa9ba7931ca59fc090f66bac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5231ebcee254a34b968c1bf0612f91ae

SHA1
0891e1b4165e21bb8d216ed9e0d359d6cb50a282

SHA256
a3b66d7f265ccb29cda85c549e7ea058b34f40bd3de53a782f8ea6d171bef1f3

SHA512
7cad5b9adb8819ca2bb6d4ddabe6f2f64e269a34d2a6f7315029ecf87fbcd3f653ce890f6426b133f8c8c2aab3ee96e4ab2a93560c12142edec91bd86fd17255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5dd733b988c50a8a26f43fb7ba3d8d10

SHA1
ca05dde3d5abc48e958b8e31984de979d8ec8e4b

SHA256
8f90fd2336af9e1abc4f949b3dcdc6fc91525d265f14b37e56fc5eaf9d5298a9

SHA512
f9344de74b464fd31236a1179d5a3bb29aa0e3ad1c5f1ec695a3be678e71c5ecd3549e137adde38130dc0082c6537e56c7a4aa8823a2288845f1674a6351ed7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a5ba6c15bc31310c12addc7adb3fb564

SHA1
0e15909a323bf547701e54a3562961034d9acdea

SHA256
f4596e26637636936da113638a81a3705e6f03878c0bb721bf21c986173a2cd2

SHA512
35c24c8e6368b97a7c24881f45811cecaaba8718c9b54cd4982d69b3ebb2466abf1fb6377d7643ccbe9df33fa0b802bb2baec735df3a8b4d667121dc40916528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
aa4e346515a4f838c062bfbb19e76bd0

SHA1
781952c4759edc02055ad31514f3cbb228957337

SHA256
697951e5bf14832023f1a9edfcdc2f06b7aa54d736867f8acf704c96d8cabcda

SHA512
66c8c74159e5074104c17bee6fa63fda1873c09b6bcd35c5be73386e8dd2bb78078198d55b0e8d42ae31a97153859fc9a06d1c8f93babe221e7b9ffe2d44356c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0ca94e101009a39807a5a5a68f2952e1

SHA1
036c119e1ed6864905f53dae15444ecd4b4e46f5

SHA256
3f9dc8398bcc9db073a1e80e0e004f0f4076e4b7d07ac4a1c6cdf6e529d2df2d

SHA512
7f51a0364f52daeb245d55688eb50ecbbb78f47141d290887dd09c947190bfedee52cee9f0d45a58a295731f4d9f5ebbbf5972b96a4f30462439ee64451ce92f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
cdf3414b1b4fbfeec8f51fdaa277ff50

SHA1
421de08f1a3d10c40b9f3f8c0d1baacb3be47400

SHA256
93cca453215bccbe5f5151ac9b94807802f795f4343de5f600ab94e82334c513

SHA512
e9effad2da80fe32cc20b0effdd8f3473a4e3d8209ff4a4dd47ee6acc0674cfa62985e7e08ccceb14155669d6f0e18b25bff612035cdeb81a71684ba34998dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7207a502c1ecccc1e0fa095c3675a796

SHA1
6659e8dfb40134717cd8e864abe4fe044cc8cb7a

SHA256
e89d2987f4611160e4b00440b3c73c11eefde5cdc02479ab143fe4c457705032

SHA512
deae97229a2b2339fb4c7239b23e4cc855b266d14ba05919c7b63206b39d54e4eedc7ae3a24ece063f61c140db824e45d5a2a7db92935520c91a490d2cdefde7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
a6e881ee62bbd854e9b741c82e415571

SHA1
7029249a02b69458a3a53fccb86c553acb3ca92a

SHA256
0ff7600be37743d6ad483c4dc5a681fd33b469f76f7c3d55fbe7a77226e1c321

SHA512
4f709a5af15201ddd03cc00260fbd12e611cd36925a79c5cca8f958187449bffeb0f6eb2736027b5737e84d563955e70f7a5ca0570f231e48baa54a382cdf2ee

Download Submit