hxxps://www[.]google[.]com/?gws_rd=ssl

Analysis

max time kernel
42s
max time network
149s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14/06/2023, 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/?gws_rd=ssl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe
Token: SeShutdownPrivilege	1468	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe
1468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 1472	1468	chrome.exe	27
PID 1468 wrote to memory of 1472	1468	chrome.exe	27
PID 1468 wrote to memory of 1472	1468	chrome.exe	27
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 732	1468	chrome.exe	29
PID 1468 wrote to memory of 932	1468	chrome.exe	30
PID 1468 wrote to memory of 932	1468	chrome.exe	30
PID 1468 wrote to memory of 932	1468	chrome.exe	30
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31
PID 1468 wrote to memory of 1972	1468	chrome.exe	31

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.google.com/?gws_rd=ssl
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a79758,0x7fef6a79768,0x7fef6a79778
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=996 --field-trial-handle=1332,i,5769973169043948249,15168418258007231404,131072 /prefetch:2
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1332,i,5769973169043948249,15168418258007231404,131072 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1332,i,5769973169043948249,15168418258007231404,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1332,i,5769973169043948249,15168418258007231404,131072 /prefetch:1
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1332,i,5769973169043948249,15168418258007231404,131072 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2980 --field-trial-handle=1332,i,5769973169043948249,15168418258007231404,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1364 --field-trial-handle=1332,i,5769973169043948249,15168418258007231404,131072 /prefetch:2
  2⤵
  PID:2180

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1068

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\605d466b-1106-4f69-a71a-9b6b51269b42.tmp

Filesize
4KB

MD5
dcde7ecf350c37f039255d92824e3851

SHA1
e7bd4d79babfe7ae942880eb677c203e862011b6

SHA256
541fa038db47d904c4d798dcdb89ceb0a0fb82f25d3c23018b54e969658af94e

SHA512
e350c8302a0fb6dba97fda1c636794e5001f96f1e019e260c23efd842cd65cbc9736d7bdbf6cf7e5358f165ea0fd42b2dafd5b192996f839fb383cfc196fad29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
d3d14b25caf8eca9a1cdad43e7a06447

SHA1
30c45bcd1fa70ff7348ee47544a3eeddd2cbd082

SHA256
ddd7c8c7fcbff5e6e1107a96408e787d892644f38a006f818657b2ef18011105

SHA512
e3cc4fc805458b9de5b1aa12f72bf3f994c4a5b771b326a5a4192b5a92f1b07e6b9b12b3b28b2f2eeddad5deecd609108f4b8c595bab730c7f71bb37c126f39e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
51c8d1b4615629ddbe7f1d193f7f2b42

SHA1
9c3d68555ab258b671dddb5c0da3cd3d9b7a55db

SHA256
15bf0bb46160c996b43efb326f514c2fb98a3ddfd94170c3208b2573a648b570

SHA512
27ccea88afa34a6da4e1822f764194916ad46d1e2435b4c6ad85e87820dcf4805c7a0bd210bc4597d96abc451319e56bc90887fa0abed2c37eeb51eb2a04a666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b40adf22cab18c880db9167c483b416b

SHA1
7ced7bee2f09c3506ba461337a14282f248482ea

SHA256
7f4a90d1014e781edc8ad35efa29b4a7f374903150e6b3b97ccad913a41c8179

SHA512
314c58e71ecb4d4c9312395e3898f97d86bfb36738ccd7f61d83c0ae2128093c9a7c70d84fd251b91be5d45cc8feec7f5849df1eec7a70bd38d2e40483f7f2f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
66e5ddb8656ee9001eecfbdf755ead61

SHA1
e8824a81f75d1b10955a2813ebaaf8882aabb3ea

SHA256
f2ce9880b9e40f36e425291cc04a47104f1c12528fa063cab8c396d273ec8187

SHA512
6625c23c7e735fddad6de2ca9231dbb875f086533fd909447518e762ddd44bf235ffdcfe6e2604cc9c2084ac00a1a4e05c3d48b407f89da192d70aeb08172979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
d8ff437deb75b4218d1bcf188cbed721

SHA1
3acb19a4328fa1bce23683b6856036ef3c6b16d0

SHA256
87f97535d544b045183dd1d4af4985e747f542f7424102dc251a1c231c852e6d

SHA512
34d353509202f2ffbf2c6ca8bdc15b0f2b83044f1f13344ae8c638e98f07d4d3962c3c1859a053b06351351ff7c55cbd0625723504b1a5677b83d03e998d8d82

Download Submit