hxxps://synoptek[.]com/wp-content/uploads/2019/04/SEC-IFPROT-SOC-as-a-Service[.]pdf

Analysis

max time kernel
1200s
max time network
1092s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2023, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://synoptek.com/wp-content/uploads/2019/04/SEC-IFPROT-SOC-as-a-Service.pdf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133306697223353957"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2332	chrome.exe
2332	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 4124	2784	chrome.exe	86
PID 2784 wrote to memory of 4124	2784	chrome.exe	86
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 4940	2784	chrome.exe	87
PID 2784 wrote to memory of 3704	2784	chrome.exe	88
PID 2784 wrote to memory of 3704	2784	chrome.exe	88
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89
PID 2784 wrote to memory of 2660	2784	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://synoptek.com/wp-content/uploads/2019/04/SEC-IFPROT-SOC-as-a-Service.pdf
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcd99758,0x7ff8bcd99768,0x7ff8bcd99778
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1816,i,7775132281675747902,2529493205177729613,131072 /prefetch:2
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1816,i,7775132281675747902,2529493205177729613,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1816,i,7775132281675747902,2529493205177729613,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1816,i,7775132281675747902,2529493205177729613,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3312 --field-trial-handle=1816,i,7775132281675747902,2529493205177729613,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1816,i,7775132281675747902,2529493205177729613,131072 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --pdf-renderer --disable-gpu-compositing --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4932 --field-trial-handle=1816,i,7775132281675747902,2529493205177729613,131072 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1816,i,7775132281675747902,2529493205177729613,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1816,i,7775132281675747902,2529493205177729613,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2824 --field-trial-handle=1816,i,7775132281675747902,2529493205177729613,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2332

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4800

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
0f24ab6d82d37615ac33f94cba941d4a

SHA1
b0a26b395e6cd9536c7dfc2301e51e7121b00413

SHA256
d7cf462f30d6af172e81a51e89ec4064d8a34a48c46b8b05acfc22aef9f98c8d

SHA512
713ab4229d6ac864045a908f889855ac5d467e803d8a93bd596f86d23f42aefd6af57f0cb5e2199410f0356cf81bc166065def5559f12aa9a8470a1b92dc3fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
c9e3e111b983d73ff163d0f9faf4b934

SHA1
91be2c181a9cc4c1ab4bcdc111fa6cf4cd41aaa9

SHA256
f1c84b91557f69223aa981be6a2187c8839018814ff823b4fe6a0bef52091cb9

SHA512
a0945f4c0d52e8ab13b75965bc165288a1dfd36f8cb36e31f65c1e3839f3d3eee96aa744f82b38b7f0b27b8093f77a07d21eb7787cdb5b2940daf3ef31058c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
a756908cff88890fcb49466ab6327145

SHA1
2f8f374e7d65a2d508fff6c797543482106399c1

SHA256
9faff3a8af95001cd39215c78e2ec584bb36ae215d197024cd74150643adbc11

SHA512
69507d5091734516ba135666a0af92b5c4fe73b50649e29d2b9baa728b25278cef33131d09f7256c42b4b5f61c5e952ab36566148a135af83256816f9bf685f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e9f117ad87522e756d5f3648916739ef

SHA1
04b4ab8fb23ea77a55992e5d4633be8127f56815

SHA256
06e1e208505f12c8a66af71dfeea8f05dcc8ab3e6c305f63c78db1d9ad7fd0b4

SHA512
b8c277b0bd4200aaffc696378eeb0a626b008b20b61a0267c0d7361a8176b4a22b5687d314d809f4dc5064c102ee5ca7b876002a92c634a3df496824824ac0d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
959e3da6241f4c323974b05897141d6c

SHA1
26f5e3324cdb0c00c29b5218fe0db8916b9ce676

SHA256
f480327c038cf6e5ccecc2db7bacf967fd73c4ed823d608b8b83bb906be26c8e

SHA512
7f1131ba2d986a94202795f81f616b67f65d65c8b855398db5e59932090cfe6caec0295b9b5b2a31a2c57314a520d0252cfaa3dde377a4ffeff6573be7af4512

Download Submit