96a1041b208fdf938e5efabca5b231df580de8f6c50f813392496b14cdd65d55

Analysis

max time kernel
149s
max time network
142s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
11/05/2023, 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

14KB
MD5

639c76a330abbdf52a54b9c6f3842ff1
SHA1

0ded20c19a2c7ae0851cba591a4e9b208cc685f5
SHA256

96a1041b208fdf938e5efabca5b231df580de8f6c50f813392496b14cdd65d55
SHA512

55765a49d96a7e225b5f00c7c9eb4b3ca80ac1e5770657f9d1f4d58ae5efad18f9510cdbb63887920c970c040fcf8ea8e2fc01c367bab7d80be4c77f5768d9e5
SSDEEP

384:rI1a/q8DpmRgVoOsKFElKeGMiU8Hhhb/Qf7Ve28B2v:rq4q8fVoOsKiI1MoBhbITSM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133282877349410740"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe
Token: SeShutdownPrivilege	4244	chrome.exe
Token: SeCreatePagefilePrivilege	4244	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 3488	4244	chrome.exe	66
PID 4244 wrote to memory of 3488	4244	chrome.exe	66
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 2788	4244	chrome.exe	68
PID 4244 wrote to memory of 3132	4244	chrome.exe	69
PID 4244 wrote to memory of 3132	4244	chrome.exe	69
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70
PID 4244 wrote to memory of 2092	4244	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xcc,0xdc,0x7ffb433b9758,0x7ffb433b9768,0x7ffb433b9778
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1620,i,2729909501669380960,6875352752585379039,131072 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1620,i,2729909501669380960,6875352752585379039,131072 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1620,i,2729909501669380960,6875352752585379039,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1620,i,2729909501669380960,6875352752585379039,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1620,i,2729909501669380960,6875352752585379039,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1620,i,2729909501669380960,6875352752585379039,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1620,i,2729909501669380960,6875352752585379039,131072 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1620,i,2729909501669380960,6875352752585379039,131072 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4336 --field-trial-handle=1620,i,2729909501669380960,6875352752585379039,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4876

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4552

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
688B

MD5
a802f8cc5b95378c7b4cf63c4ad85d3e

SHA1
f511035781e9b16d761f530c72b6c43c9c27676e

SHA256
d13627c4539bfb963870d0fcb5352df4012c3f5e72d1739c9c9a4b0c08c8401b

SHA512
6969120f3ec2030015fc71ae21b90dab081232cd611bd88aff39655b2388a76382e061762a047d4320e5b08ee3be43e9685594ffca6ebcd3555e7bf74d377124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d70696137a52e503555e411722711637

SHA1
f6ea656c4d80abfd9d51d165e9a4bddfc2b6a305

SHA256
f4cabfe2e01a439f8cf5da849f8e6b3583f4577fadce9cb03234fbb102382fbe

SHA512
1254e78679b8d8add046d9c426b4c9bb0ca3134d578a62b79549eb6982f0f1e94ad1cf5087060485099adb04e0f426282b3841f612cf884457d603433bdac86a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
463afc51cbf8a11442f7f67a8126946f

SHA1
ff32c3837ec189f839c7e2ce1906c79fa47b1f92

SHA256
a84e0f52f01d0211bf85a4c192181d068d05e9ed6e3a82e957af0bd9b1561f31

SHA512
3ef264a296f1cc3def27d7fd2b837ea93a5a2514e504c3b321f12d85c706298ecb460bfd02d2392cea695cce9e4c3636f68c28f2ba47cec7d8e38e377d64639e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2e701570f6d2e7925b7e011535d6c9e3

SHA1
d8e47f66d01f9cbe1a9f578ed8d891f1d19bde66

SHA256
845327830224269ecbb55fc1479288219b957da5ad41cb8e16f01ba6657d2717

SHA512
0b0b4bc692eca957df5c8fb13d27cb1a2ef504f71c8fd82a2b004274c43b629f4585b1851a61c44e4917b8f194f4f721d33ad4691e3d54d526eb7f182e8091d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
8c10179b2c1bf5e9df273b1150e8e6a4

SHA1
2fc5d0ff1f4ece7fa40f747c1de9fd3ebf22ab16

SHA256
eb39587ce0b4a529477df306df0ce6db870279e7c8f1a6a9fa15deb9c55a5e3f

SHA512
3826a6e2d9061b6597ecf152e2b6db6856fe5b8d06da9288907a25d086e4c82b0d2bdfbb5fc13db028a72d9e92ab7c3772e3c686de7997ade312c8efded1f2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
48a27a51cc1927ba31946d4a12844fd0

SHA1
5d007bb5ecb1095c034226b0197fef497643a051

SHA256
2d9c347cbc28fa1cade1c4ff2ae61f2d84c4632f3e982ae9c8e8d53b7fbf3e3b

SHA512
bbed33b839153d49a83831e3c49bb707f475d38b273dba0383a93d50b659d3a0524d5084d933e61cc321b904d00adea745f904393deac6bb512a4e8443a5eb9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit