d44e8f31f9c56ac3cff059d816c807c293b6a3313bfee652b6a1c5404fa6e0d1

Analysis

max time kernel
93s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2023, 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

atc-pie.html
Size

104KB
MD5

e4d298199877e9adac7a8ced5528e202
SHA1

90a91f1ef6a44ed000c801447449b55ebb190f96
SHA256

d44e8f31f9c56ac3cff059d816c807c293b6a3313bfee652b6a1c5404fa6e0d1
SHA512

cdb9dc6e47d04c75c73b67dd38aca0db2cc4cbf7a3c0588570fd9587faf261fd7b1fcf601d3a8dfa84982e4b5097f54a1f0f287e7bc0960f9b3eee78e0dd9b3a
SSDEEP

3072:xK/82wIbUe7Z1ZP1WeNOEcqox7xhARXh9twW5DCmtdq++9vKk:WYxWRXh9twf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4612	chrome.exe
4612	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4612	chrome.exe
4612	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 848	4612	chrome.exe	47
PID 4612 wrote to memory of 848	4612	chrome.exe	47
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3600	4612	chrome.exe	87
PID 4612 wrote to memory of 3236	4612	chrome.exe	89
PID 4612 wrote to memory of 3236	4612	chrome.exe	89
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88
PID 4612 wrote to memory of 4284	4612	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\atc-pie.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae4109758,0x7ffae4109768,0x7ffae4109778
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1904,i,12722564486870399758,5186166609131179673,131072 /prefetch:2
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1904,i,12722564486870399758,5186166609131179673,131072 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1904,i,12722564486870399758,5186166609131179673,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1904,i,12722564486870399758,5186166609131179673,131072 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2232 --field-trial-handle=1904,i,12722564486870399758,5186166609131179673,131072 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1904,i,12722564486870399758,5186166609131179673,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1904,i,12722564486870399758,5186166609131179673,131072 /prefetch:8
  2⤵
  PID:5044

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:800

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
483cbf88b67d260faf32396136474d5c

SHA1
05f0c9756ce4ab2162428789eff80bd9ff8d59e0

SHA256
9b3923d9326910db87233cb73b333bd298248799f149bd6c154f3ea68d0dc595

SHA512
220794a679469a06bd0fa97d920ce76dfa97620ed077244b68e564dfd8f9053860d7229f73cd1d99807affae7be10e55f1a17bf441e09fd7c6cd19d90f04949f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0779c946dda96223621fe5c5e11096a4

SHA1
c7e81e16094f8eedec14cd86760ac2184b3d92de

SHA256
c0cfd6e3df316a7126f943fded6b8940c8601c7f452bea4ecb3784a9f3568451

SHA512
4201a83772cb4cab98837cdb98710529386b4f70daf11937dc1e2237feec5e083de950bd871aa0ba4a073f3acc6e7ee82d972dda08e4e6dbb771f8d9957c2754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c3b818fad415bdaa2d7d78cc10e56b81

SHA1
a0cbbdb511f992aa4e3c18ef8a80d85007dfd0f1

SHA256
d8ca0b26bd3d9d38979bd31dde622c064a987eeadb83e96bf3ca023122dbd085

SHA512
8e75b351a8f49bc06b09eb5d123ca821d8239eb7621d799d8904cdf1c7996f5415328ff3db5ed870bd6ec905ea03dd2d8c031478774b94ee4fb37db75c954b0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
600c83ebf8ec9eb7304bd8efbd237a09

SHA1
10afda8a81c08dc4f11baf4586d0fac6dae3bb80

SHA256
0c884ac29f17fc961c61a65562f85611a69f8fe7fe3d0a6c8e675995db8e2099

SHA512
cf819ee680e50e5b2aecf703734be29ddd34858bac10145f479c657a2179ac52195f1b088ecba03d86b2727b0cf72a7c3c59678014cab107aa10c9a7b1e2e274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit