hxxps://docs[.]oracle[.]com/

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2023 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.oracle.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4456	chrome.exe
4456	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 2272	4456	chrome.exe	84
PID 4456 wrote to memory of 2272	4456	chrome.exe	84
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 4312	4456	chrome.exe	86
PID 4456 wrote to memory of 3316	4456	chrome.exe	88
PID 4456 wrote to memory of 3316	4456	chrome.exe	88
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87
PID 4456 wrote to memory of 5024	4456	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://docs.oracle.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7fff16f59758,0x7fff16f59768,0x7fff16f59778
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1924,i,946416263159157467,13760098464180824689,131072 /prefetch:2
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1924,i,946416263159157467,13760098464180824689,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1924,i,946416263159157467,13760098464180824689,131072 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1924,i,946416263159157467,13760098464180824689,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1924,i,946416263159157467,13760098464180824689,131072 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4728 --field-trial-handle=1924,i,946416263159157467,13760098464180824689,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5416 --field-trial-handle=1924,i,946416263159157467,13760098464180824689,131072 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 --field-trial-handle=1924,i,946416263159157467,13760098464180824689,131072 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 --field-trial-handle=1924,i,946416263159157467,13760098464180824689,131072 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2848 --field-trial-handle=1924,i,946416263159157467,13760098464180824689,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3208

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4156

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
e83a0f92d79b7602e5f1693e544e085e

SHA1
47d4db525da5837e0bdf31a0d11fc1721cec79e0

SHA256
ef050240eb4538bec0d9995adc11dc03ef2dcf328eccd02d7e12ef1083f8d1f7

SHA512
b12f1a3eae3aea66adf8d9a3874727a272fb0d4a2ea38e6a6e9b8ab930dee060f3f9ced3b89fe70466e076a4e067edd452dd1b1272e42723f5eda28d29d8c5b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
def554df630b6c3ef788392aa30d6b98

SHA1
6ed76ebfdfa9439c97e9dd105bfe2a6f1440cef7

SHA256
4dc180c9ef9f3a2da9a9c4d0087ef9588257ae53afcd22c20348f8b7fc05deb7

SHA512
94a4829b430d2be280a547c5f92cc22c5eeee3afae51c7c7124823908f038d28111e0d2c89c6e15a09b59325afa6222ce834f4b913f722c34935174229fc763f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
b324a4879e6f9138be8c86d873685bf2

SHA1
163e1d20b9d382cef2b6996f87493b6b90fb3e38

SHA256
5e9fb1d39f1e0bd9ca92fae60c9efa93f612caf894e5498f10e30ebf4aaa1999

SHA512
75a62dabda0ec99666ae0372c903bc7c5a1583866f296ee97a8512751f94d3d1dc4f134b43c6dfb631f7474f98f3203bbea3cdd817d4c5b77086f4e02483eb05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd33899b246748a0f8541429fa088b06

SHA1
0cf730103153f497d322b0ea68c26c292297ebfb

SHA256
ea062aede3bfe52e68e3f578aedeaeabf220d9c1a5144ff5808fe3d7cd5dacf5

SHA512
c478a0340334a6582ebc9d0ca9f63df4fa34e252724f647d2d98ed4e19bbcdf5057c6eab699d8d9096738af02c51506cba5713cec391e920cdc9effcc4eacfc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e2b26871cf390001c0be1595c269283f

SHA1
36c1cffdbc63c418f0a1ef887484bd5fca1e1d28

SHA256
97f583b14bbf8f130ffa582b892b914280ea6fc92e9f26a1556d1ae08925028a

SHA512
fbb344223c53479f8dafcaaa22a7587d95cdb42fde5bcf88b8c645f4fac8e5583caeadd845edaa9341b3a45f6840d6da1d02043e4c479c73d8bbec41e1a1fa00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
d42900bbcdf5d0679d925dd741309fb8

SHA1
a22329618a056bc705e301dc7388ab820516451e

SHA256
ef6a43fa877f8a08ad63f5c350bef703ca026614f1aa76cd2289bce05787dbc2

SHA512
b80cce9de1c3e1de78a782e568a4a24c7ac81e873c419dfc8a36b322c30e744b8e22ca9e7c46c1f4d5be9e540d4e5f3328dd7a11e20e37a5efab65d0ab4698d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit