hxxps://docs[.]google[.]com/document/d/1YQFk9Z610_uycRE9m3OA4WPGAehVXgGeST0s1Kuk4fM/edit?usp=drive_web

Resubmissions

05/05/2023, 20:24

230505-y6qh5scf95 1

05/05/2023, 20:03

230505-ys3xbadf2y 1

Analysis

max time kernel
41s
max time network
77s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2023, 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/document/d/1YQFk9Z610_uycRE9m3OA4WPGAehVXgGeST0s1Kuk4fM/edit?usp=drive_web

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 632	908	chrome.exe	85
PID 908 wrote to memory of 632	908	chrome.exe	85
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4116	908	chrome.exe	91
PID 908 wrote to memory of 4568	908	chrome.exe	92
PID 908 wrote to memory of 4568	908	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://docs.google.com/document/d/1YQFk9Z610_uycRE9m3OA4WPGAehVXgGeST0s1Kuk4fM/edit?usp=drive_web
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff987529758,0x7ff987529768,0x7ff987529778
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1856,i,8620130079029962079,17622609035452379030,131072 /prefetch:2
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1856,i,8620130079029962079,17622609035452379030,131072 /prefetch:8
  2⤵
  PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff987529758,0x7ff987529768,0x7ff987529778
1⤵
PID:4028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1884,i,16208293324453836011,16606584365342500544,131072 /prefetch:2
1⤵
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1884,i,16208293324453836011,16606584365342500544,131072 /prefetch:8
1⤵
PID:4976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1884,i,16208293324453836011,16606584365342500544,131072 /prefetch:8
1⤵
PID:4216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1884,i,16208293324453836011,16606584365342500544,131072 /prefetch:1
1⤵
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1884,i,16208293324453836011,16606584365342500544,131072 /prefetch:1
1⤵
PID:1816

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=3768 --field-trial-handle=1884,i,16208293324453836011,16606584365342500544,131072 /prefetch:1
1⤵
PID:3156

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
53b62dcffd3612ec69cb9d5a820f8218

SHA1
6898d01fd66033bf9bb9e3f6d4a654494116cbb3

SHA256
6ce18eb8c66f16b544ef081b48af44919d0cf1862097b6f581cf8b74030d5421

SHA512
56d9ba87a4b39086d2fdeeac969e65a96936761b7c06b8f4f15c38713ccee5608a942fad7217a2e2e14571224e35178d771a0e54faf21905f6e81db30758d09e

Download Submit