hxxps://google[.]com/

Analysis

max time kernel
116s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2023 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com/

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355534236597436"	chrome.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3572	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4256	chrome.exe
4256	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe
Token: SeShutdownPrivilege	4256	chrome.exe
Token: SeCreatePagefilePrivilege	4256	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe
4256	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4256 wrote to memory of 4468	4256	chrome.exe	56
PID 4256 wrote to memory of 4468	4256	chrome.exe	56
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 3908	4256	chrome.exe	89
PID 4256 wrote to memory of 1232	4256	chrome.exe	90
PID 4256 wrote to memory of 1232	4256	chrome.exe	90
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91
PID 4256 wrote to memory of 4368	4256	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com/
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe41f9758,0x7fffe41f9768,0x7fffe41f9778
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1856,i,2467622994162682167,1880862530855611484,131072 /prefetch:2
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1856,i,2467622994162682167,1880862530855611484,131072 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1856,i,2467622994162682167,1880862530855611484,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1856,i,2467622994162682167,1880862530855611484,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1856,i,2467622994162682167,1880862530855611484,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4412 --field-trial-handle=1856,i,2467622994162682167,1880862530855611484,131072 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1856,i,2467622994162682167,1880862530855611484,131072 /prefetch:8
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1856,i,2467622994162682167,1880862530855611484,131072 /prefetch:8
  2⤵
  PID:1480

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2928

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:4156
- C:\Windows\system32\PING.EXE
  ping 15.ip.gl.ply.gg
  2⤵
  - Runs ping.exe
  PID:3572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
393ac8ea1caa0c2b590b232db92ff9c8

SHA1
8d072b5dfd65b25b36ab5ebb9de00920dd93ecdb

SHA256
44e7a991bbe258588ee3c6845a39737c2dd31c048156d589d649668cb7e84124

SHA512
be3f8423a403e0aa781e577ca6c996b658faf7fc52b9d6c45369638ee3b9a97572e1a83919ac38b0d9d7da339afca4bedaa778faf734e4fd63ef7c5a2b04aba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
88023c0473057c786f65ea781f6a2010

SHA1
33e532a3bcec871c48f2d91411d16430bbe42000

SHA256
3b3e61dc42550da406d7e2abfa027f44d11028931daa1a1be5f81d8c63002933

SHA512
da2d93462bea17bcf29384775b461efd1a43234a1490ab8175f40fb2657ce840382d33da9ab165805642f2f67fc042b1084f020108b8e5282bbb0b948bb826ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f89adb5d-ed7e-40c7-93af-6e5d3d8ecc9b.tmp

Filesize
2KB

MD5
f912e6370ae3315e97aee52046f25e30

SHA1
5bc1ff29d6a4add3c0746c90a925ec0450488c9b

SHA256
ab5ddf70554d0425344ebe0547176fd856d35a20bce86e294d1c6fa3052e0f82

SHA512
d317e6e1d15d862ad190999ab4f688512eb3a61846ef59ef00748f9a7285f710cc3cb44983effd100b293a03c69873ec3ccb0d37fb79e69188ea24ef02262637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5353ad2e7dc323d40d2bef8a2dee9c82

SHA1
f8f8e090f19d787facdc0608c9c152865798aff7

SHA256
debc29e8d19f2a19956c628a42207be989ec4bc2223372a8e0327fc233ce9054

SHA512
5b249e86512ce03a61f55395823345ec365ef4d05ea67df33cacfd4c3657f65bd99798140c22c8984fb685b7832f1ee96196c2d2a690c5459622ec71a01252cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
166a1f027b17553374b35842b5e1ba83

SHA1
44658defaf760c7de99308379bce48520bc2890c

SHA256
6746c48bc8d588b639e3680487ed2fb5440a4fa66f503955a6a173e1773b1f46

SHA512
37f4eeb5592dcab274842525f553c2c8f3c88d7ae05a4a6981fe05ae5621b3f91fb60a1ce3021e6605d715fc39057bdd0868a6b47600f646ccb9782d4e47d260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
55acc070a5c8a0f6e54e5dab0404d351

SHA1
3bf6d2f0532e60bf87eca30001b0afcfa158525f

SHA256
c147b44ea2a180e406b8118cd56e87915fc029973125f69a32b46bfd664648c0

SHA512
ae6c0b196a03619a0052c7b640013df71cd6e4cf62b1e01d526457ef51d1df4553a13282fdb18818cf872f69bb159402e62b22e98a3d0b0752a735bee39962e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
5af7971addfc6e00a317a3c2f425c5df

SHA1
bbb23e972af28276d614ad3b9d4cfba5ea40d6d2

SHA256
c5b478d815f3c722fd9542aa3d56803514bb138b5f55e42e931ce402f6cc98fd

SHA512
d6f11e0ddf80d9ec0c4908a65d039ac4d444706846b91f80a82db9cc7a20fe8ac2f8e24b1c22eadefbfed24d7ca944d3cad164f2ee88f5cb3f36c4c0918dab9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit