42c5e591988fa3ab8ea72664cbcad00628b1cb7bc5a8c46bbab163cd3feec359

Analysis

max time kernel
113s
max time network
122s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
03/08/2023, 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

attached.html
Size

38KB
MD5

e1f37f5bf96df163f25233b0e1d261d8
SHA1

a6562ca47e08a3a70dfee44bc6db0a399f90b316
SHA256

42c5e591988fa3ab8ea72664cbcad00628b1cb7bc5a8c46bbab163cd3feec359
SHA512

cad34a63393e86f7898533069a2391b9cec73d12c89891d275967f3836d698c224470e3b67ce0c31bb8bc1e741362d00100b53f76cec8dba8d998a7fc3a9e186
SSDEEP

768:7q4mD62C4AkCK/hj3CkYWm/SOtLToysd/+JyyE+M:Ot6eAkCK/93uNSOJH9JW+M

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355742313963417"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1008	chrome.exe
1008	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1008	chrome.exe
1008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe
Token: SeShutdownPrivilege	1008	chrome.exe
Token: SeCreatePagefilePrivilege	1008	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe
1008	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 4768	1008	chrome.exe	69
PID 1008 wrote to memory of 4768	1008	chrome.exe	69
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 1104	1008	chrome.exe	73
PID 1008 wrote to memory of 3160	1008	chrome.exe	71
PID 1008 wrote to memory of 3160	1008	chrome.exe	71
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72
PID 1008 wrote to memory of 2536	1008	chrome.exe	72

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\attached.html
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9b4139758,0x7ff9b4139768,0x7ff9b4139778
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1928,i,16785178077432218490,6851497377210098130,131072 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1928,i,16785178077432218490,6851497377210098130,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1928,i,16785178077432218490,6851497377210098130,131072 /prefetch:2
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1928,i,16785178077432218490,6851497377210098130,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1928,i,16785178077432218490,6851497377210098130,131072 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1928,i,16785178077432218490,6851497377210098130,131072 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1928,i,16785178077432218490,6851497377210098130,131072 /prefetch:8
  2⤵
  PID:1456

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
498fb1565ad4791d61f985e93047e2c0

SHA1
8b8c3de6bfc982d2bdfce43e52fbe48e4fb5b78d

SHA256
cd6b06b61d25254cbdd8b0983f89709e1c3ea26f1288eb4ff152681e6b57adb7

SHA512
a38ec053433570c0ff615a42bca67c87b146732a5a155a1912de57f26a4dd9bdd03670be93cb23c5a8170e55d9d6ef0a5b35ae114012c453087e1f5a5773baa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
dafc94c904ad43d47529eae2820931fe

SHA1
d4e9d1f2708700bd33ea7232390615a2b3906971

SHA256
d5de6ec6c0a5d796ccfd77ecfb1dfa89b817ec4b343b44873feb6344a53852d1

SHA512
9ed9a5c9d22ecfff3f7e3ad211552fe6371024ae1447171c3f03c55a430bd43467b73d6030e97581d39915791a13abc4f393c6c5cb024d6562faafbeb26e7404

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e328b84badadc0ea114ea07e4fc358f8

SHA1
0bb627b4f79eeea06b4a86bcbde6bfe182dd58ad

SHA256
610198aab59402e038023fceecac44cecece63d6084b29e10cac0881f6705549

SHA512
27ab5eb8975860e4e859c5f5e1b136f2380cec6f0d334fda910ee7f7721526d64dd326db98eca93299b458d021d914bc49064d158fabcbd8dc8c6f243bda32ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f20a82fdfc9c5de95df33bf77cf886c8

SHA1
f615917379fb028564f4f1f3406a544bfb990570

SHA256
f8cb739149df92a57080f866cc182501bfeb45b792ccee3dd12988d0f546754b

SHA512
d6a01e734228d9faa8e4dcb9953554ebd5a7df385f5aa54d44c9cc2c2bbd36b6f4f2cf80e04e90b3d0d80ef8a279d89cd74b7262b4bdb0325b47154f391ba3cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d5c453e9cdd002e45a915031e9276633

SHA1
effe244510dd7934ff8bf3dd5d704788c0dcc32c

SHA256
dd9a0e80399a3587e35a8a3deeffd2e0c8669138b9ae10e1a26e3f795cde6a5e

SHA512
f0cca4ef95c25e3803311a41ab2ff6445cf3df67a7b0f671254821f6627b2acecce57d3dbdc7df363d675372d119fd36942a2c8d1ee4a9c2bfa398ea88f7a722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
39b95a6d3cbaa20279f5399691ae47c3

SHA1
08a9c19fff136dd4de3ae35b6db5f35670ee04e1

SHA256
93cf2c5d778ee1f4adc67a55e5cb3483f5a34b257ce2f7208437c6b64c2e4dcd

SHA512
53729e14a4c010f64109f1f4a3d1816052f31959741b1ac59813249d3a407c215cfb2c76f10afab9553e3a3a9956051cd6cc9d73f2ca3c520c258e0f01f24b1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit