hxxp://www[.]google[.]com/webhp?hl=en&sa=X&ved=0ahUKEwiA2ZnXpr6AAxVtk2oFHXmJDVAQPAgJ

Resubmissions

02/08/2023, 17:57

230802-wjw2ashf5v 1

02/08/2023, 16:52

230802-vdvqlsha21 1

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2023, 16:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.google.com/webhp?hl=en&sa=X&ved=0ahUKEwiA2ZnXpr6AAxVtk2oFHXmJDVAQPAgJ

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133354687916575345"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1036	chrome.exe
1036	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 2420	1036	chrome.exe	80
PID 1036 wrote to memory of 2420	1036	chrome.exe	80
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 4944	1036	chrome.exe	82
PID 1036 wrote to memory of 968	1036	chrome.exe	83
PID 1036 wrote to memory of 968	1036	chrome.exe	83
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84
PID 1036 wrote to memory of 3536	1036	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.google.com/webhp?hl=en&sa=X&ved=0ahUKEwiA2ZnXpr6AAxVtk2oFHXmJDVAQPAgJ
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5da39758,0x7ffa5da39768,0x7ffa5da39778
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1656,i,13012337629636683662,14294921228565936268,131072 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1656,i,13012337629636683662,14294921228565936268,131072 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1656,i,13012337629636683662,14294921228565936268,131072 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1656,i,13012337629636683662,14294921228565936268,131072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1656,i,13012337629636683662,14294921228565936268,131072 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1656,i,13012337629636683662,14294921228565936268,131072 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1656,i,13012337629636683662,14294921228565936268,131072 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3232 --field-trial-handle=1656,i,13012337629636683662,14294921228565936268,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1656,i,13012337629636683662,14294921228565936268,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3448

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
f9e389dda89e36a11b7ea238d3a6f2da

SHA1
a98814b0c3942ac9d33439d7dd8659d81601b687

SHA256
2bc4df88692b7969e85ccd9b98d4696d88059bfc2721c0b7df1e4f2cd79331eb

SHA512
e203959fb8243537652461e5a47911754841c98527247d9d0cb683d69aa68521ca99804897177bd5712cf63b4a3c185ded777113bd7d407203a21b7ae5f284e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
84a0ddf1274c63eea4a029baa67d43a8

SHA1
64e450373037ad6b1519dc5a4dc25cf276fb5119

SHA256
ae662887cdaacb3620c65573a1c57bdc63f5a91536dc58f12640860f3dd2c150

SHA512
f2ba427d97d1b8e4eb45d392479f8381eeb3e94be0cea53bafe51588c17b563787a08e0ccfa89056addee565c3b4193b3a4c542e5940c7a513cdef1c116a6a06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bcfc6ef8439e5d6c414203e276e33bc6

SHA1
071fd74298f65e03daecca5b686fe680bcd7b408

SHA256
2c2fc34e26826515c2ffdb32f297809bbd220c27b41a4f7cc2b3e4526bc255e3

SHA512
80964365c83fb93d2713b92fb3ea7d5a596f5f3d251dba8b086f3841c986850b64335483f09990483c4d15e2d03f0c939e580dc4eaab633d00e8cb15b43612ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
11345aa967d7860182b1a7ffaf2269a0

SHA1
a21cc1d8a6af5fd0c192e13e0a866e0890f88817

SHA256
d87fbd36dc369b410e10535d7d9caa186ad33c746dca3d34c969a32315911eec

SHA512
b054831c061ea18a04dc0149ae35f236fc37bf9dfe74470d1f4320625e4cdb17018136e439276da5d38eb4f0c0b56a8cff4315cceae692a6f590799c7ab59350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
90d6e74d4c66a9ed5d7b8a386246c6b4

SHA1
83a62e93c02795c131b64dddf8fe07f187706750

SHA256
4d26c0909d07cab2f4338c6ac340edde539d1f7be2226c613706a99ee352971c

SHA512
a0b3c3df7b67b673ae7048baaacfb2746bd237c2426fc3930de918a01a4af68ea8d08959508d629ebad2d9caac5b2ee83f0df0bfbe311f09bad19319da54dfe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aa0730c07b8dac57184eab2df1504792

SHA1
1851a4598199bd023271e9fdcebdabda6737688d

SHA256
d6ac3669aeb9f6cc12524b2f983ea3278139326e9a981b7271ce95900d06b88b

SHA512
ca013c6bcd9280e0c6a0ac970cc65ddcbc73a6840afc962825d138836eb1d53e6686d23eb91ce211c8bbcec66b22d3249ee830f8da6adbb697647c1ae08fe1e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f15793130970d0bc2dff9715b97328ab

SHA1
4a5edeb3e37c9aa66296f8018d582d810aab5e9d

SHA256
f05063114feed08e1de1a8b74d46654f8268aa25d5cbc123d9e37ac17de2ef9a

SHA512
72a70cc77fd34478e0b31611a7e56d4b75fa311c8939c95cba756b0b2dda261269530c292fdf9b61d8072da0b332ee260268b9affc169cd1dc4c83450cdc78f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
7979be7c71c6a35c1999ee3d743f1524

SHA1
3da8d60616455e8810a4a374118bb71dcd024b9a

SHA256
48069902b6c39a5c5b59f91c49098591db7347eeba42ebb7d6190284af8b0c7f

SHA512
772125999c1997ba8cdd83648e2a07f9bcf621576158ebf1b417ce451703299d3b84536656aa49d80d992e49ed984abbec86e5e2c24c37db7082eeccb6cbdedb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit