ffa29720931f706c5f2d805f483230c7d4082922f6089838d1cb9bae6d1021f7

Analysis

max time kernel
83s
max time network
395s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
07-07-2023 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ATT00002.htm
Size

852B
MD5

e797544b73c11094820d02517a03e7e6
SHA1

53c26880ac8bcf06287c5076448a6293906e6155
SHA256

ffa29720931f706c5f2d805f483230c7d4082922f6089838d1cb9bae6d1021f7
SHA512

6ac646c50cbdc10e825e04234852025b27940924a821a55bfdf5f0f3471b38b1efa303857b0a480abf4080b78dd7cfd0a20207a87d37a348e379aaac6f5839fc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2208	chrome.exe
2208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe
Token: SeShutdownPrivilege	2208	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 3000	2208	chrome.exe	28
PID 2208 wrote to memory of 3000	2208	chrome.exe	28
PID 2208 wrote to memory of 3000	2208	chrome.exe	28
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1544	2208	chrome.exe	30
PID 2208 wrote to memory of 1708	2208	chrome.exe	31
PID 2208 wrote to memory of 1708	2208	chrome.exe	31
PID 2208 wrote to memory of 1708	2208	chrome.exe	31
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32
PID 2208 wrote to memory of 2876	2208	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\ATT00002.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb319758,0x7fefb319768,0x7fefb319778
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1308,i,16562746010078045481,4824555942151367123,131072 /prefetch:2
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1308,i,16562746010078045481,4824555942151367123,131072 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1308,i,16562746010078045481,4824555942151367123,131072 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2352 --field-trial-handle=1308,i,16562746010078045481,4824555942151367123,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2360 --field-trial-handle=1308,i,16562746010078045481,4824555942151367123,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1344 --field-trial-handle=1308,i,16562746010078045481,4824555942151367123,131072 /prefetch:2
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=780 --field-trial-handle=1308,i,16562746010078045481,4824555942151367123,131072 /prefetch:8
  2⤵
  PID:2276

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2668

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6f2398.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2611bdca292fdd21e5a120f6a7ce50ef

SHA1
d09f635234f34909242df1cc003e4e86f44fbcd6

SHA256
4eb1ae9b166bc03bd8167ceefbc19cfa928e893b0716a6d6c2d3eb43e4c34707

SHA512
79aaf00256287fc6e77c53a47d58807ce66df5491175815a688e3376be39a53989ace2b623ba18a26db926da9ce7b0a095097b7b021aed09103ff355013d6ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
654af3653ca31576166c9a1c03b29e72

SHA1
39eb601fc2b4eb52b7253f587ec257bd916d8c9b

SHA256
82d21796f2cfb0c4c3e7e1fcfd7bf0462763cda46305ef222fdb8e4c9a65f0c9

SHA512
427a8b9fecace6f4ff2a073b67055d552942772ab4ed4f59b91f795c0ca880b7ca99d714fb43083d220f4bd8ae195d2a3e8c214242f25fd2c193383bcf4196f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f246be3e-bcb4-44fb-a8dc-5b31d2e0d2a0.tmp

Filesize
4KB

MD5
19bae415901fb0043b88096511de8e43

SHA1
72eae4d700d0cc495cba3d41ab8322231477e0e2

SHA256
6b18816910ce1cbe89590855c771969f400ada6ea543c9797cf05f859b1a8449

SHA512
8c346c07f2cc694cc05ce825960bb0102049b911469870de70e71eb7a1d3f876786e10fd9b0f588410971315a236e3012f0bd52ee7e086c3918be9ad3d3f8b06

Download Submit