3197eefcd24c60130442e9fbe7edac0f8b80a25956726864ba79255e4ca98a6d

Analysis

max time kernel
26s
max time network
25s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2023 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

812KB
MD5

16948c152dc842f2a77dc6150c236302
SHA1

0b10fc5ee270d4c3098e1f80dd12ab37889bfb80
SHA256

3197eefcd24c60130442e9fbe7edac0f8b80a25956726864ba79255e4ca98a6d
SHA512

094fbe4431e74f52d166bf8aae92e937dc57642ad55b735ea9cb4809ae50c1dba48884ee903f43ffa558a1eb7a58d5e451cdfa6a08cd057855ff9a028526e4fe
SSDEEP

192:/bQ/43ivMVB8AxpvlpHq8xvWoxboolbNH8AqHWNOqWi8vxbboopoN8AHAxN8vxo8:YSf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295868530447728"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 1472	2600	chrome.exe	85
PID 2600 wrote to memory of 1472	2600	chrome.exe	85
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 1300	2600	chrome.exe	86
PID 2600 wrote to memory of 3948	2600	chrome.exe	87
PID 2600 wrote to memory of 3948	2600	chrome.exe	87
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88
PID 2600 wrote to memory of 4708	2600	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff865469758,0x7ff865469768,0x7ff865469778
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1816,i,15709244277529843288,17308711218715398503,131072 /prefetch:2
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1816,i,15709244277529843288,17308711218715398503,131072 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1816,i,15709244277529843288,17308711218715398503,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3152 --field-trial-handle=1816,i,15709244277529843288,17308711218715398503,131072 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1816,i,15709244277529843288,17308711218715398503,131072 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4464 --field-trial-handle=1816,i,15709244277529843288,17308711218715398503,131072 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4736 --field-trial-handle=1816,i,15709244277529843288,17308711218715398503,131072 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4932 --field-trial-handle=1816,i,15709244277529843288,17308711218715398503,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1816,i,15709244277529843288,17308711218715398503,131072 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3276 --field-trial-handle=1816,i,15709244277529843288,17308711218715398503,131072 /prefetch:8
  2⤵
  PID:3932

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1484

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1e3c956ecd90f28706640c0ba0d28d9f

SHA1
a7e0307a564db42b4f16189fb7331787218dff15

SHA256
a77ead18742b91e89879fc1fc65829a79f685969ff8f061e10c5f7b98037c169

SHA512
891fe71c71e33970407db4df67bbe9af13e735f9ffdf3f3d61dd171ec7e24d1d59664fea222be3d80e9ac11efe128b766e4b17e8e3e30129bac404881812e449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f9b146d8817037b906bcaca97e5936d8

SHA1
14c05f9125c3eb9eaf49ad8d28837f98c3bdda84

SHA256
521d58769c9acc9e6eba35a08af969d2b01aa67c414c967b8113c45ba07c8300

SHA512
e6d21274257942e14095bc7906e19ea1724084e487cac48a819db035fc0eb5b01670dbcd86092b45447f6b4e158108c653b6d5528df8c3e9ce4e46f3be4e3e25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ae1512532c081de42f3139a620b731dc

SHA1
839530724e96901c441af0e7d54acb9c1b8a437c

SHA256
7b8f1c5af953fcaebac87d6241e2ced04f87636c2e40342432aeaeacbfce1357

SHA512
589cab8c6d68492bae223774fd729da776eec3740bb1538f31879adff31bfacc0bad7ed692ad36d49366b651daa3c771c9873e73366753920167da6432ff2a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a759ad13a9db618c26f66b43d947e532

SHA1
8a7bb577bf6d14f48f405e65aa398b3efed6be75

SHA256
df61097c5ec3b8c3b9656f403e4f52eba29107bf7c063a771c4ac7d2c3738879

SHA512
b721c0a346d823efa8f349e979a0b0bfb5859b9b83df4946c0e4078fd0d7a3a483431b6cdc66f592830cccdd9177357dda2b35d5b5d239f3ae4e7e87add245ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
ac02fb7518ee287d4a76bb4c4d76364b

SHA1
7a2275ce097f253aa7f0074b76a1f32bb22f01a1

SHA256
86e96ec77fb3d7f6160733dcbb4c33b7b7d143900d0cbca4e739e232a8a836e1

SHA512
8df1ff27778b69879654683627efcf5516ebb5cfed3abfe9232f9dd3270ce5ee55d4c6134d4a6df1b493eab1884922c587e9f26fc98081143b375e0223d53c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit