4b19f149a45164ae75c30a63b0b6d29e465cd5cee7b8b1e394d650fb15762c40

Analysis

max time kernel
1800s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2023, 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Detected_File_1D67B6BFB031475FFC7C7FDC079F6D686C32A95C_20201020134217_0300.html
Size

867B
MD5

51627b75044cd829ffa17961bdd92314
SHA1

1d67b6bfb031475ffc7c7fdc079f6d686c32a95c
SHA256

dc4ca971c4c7df50c5aaee10082c75563151e4cabff67b0890156b4ea90379e0
SHA512

a835b44a126cb34c11f786b43eecd36f15f2fbb4e46f94430a730125a56194d958766797375e3e9d6a29b145de44037d00a1b03476fc93755d3f0bf65567a19e

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355672740387410"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
216	chrome.exe
216	chrome.exe
4592	chrome.exe
4592	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
216	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 4348	216	chrome.exe	72
PID 216 wrote to memory of 4348	216	chrome.exe	72
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 1944	216	chrome.exe	90
PID 216 wrote to memory of 3640	216	chrome.exe	87
PID 216 wrote to memory of 3640	216	chrome.exe	87
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86
PID 216 wrote to memory of 1292	216	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Detected_File_1D67B6BFB031475FFC7C7FDC079F6D686C32A95C_20201020134217_0300.html
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d17b9758,0x7ff8d17b9768,0x7ff8d17b9778
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1884,i,111555728971922985,6005232163669660720,131072 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1884,i,111555728971922985,6005232163669660720,131072 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1884,i,111555728971922985,6005232163669660720,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1884,i,111555728971922985,6005232163669660720,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1884,i,111555728971922985,6005232163669660720,131072 /prefetch:2
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4348 --field-trial-handle=1884,i,111555728971922985,6005232163669660720,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1884,i,111555728971922985,6005232163669660720,131072 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 --field-trial-handle=1884,i,111555728971922985,6005232163669660720,131072 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3720 --field-trial-handle=1884,i,111555728971922985,6005232163669660720,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fffc9369e946e303d5f3e9dcc10221e0

SHA1
d07ee6c198752dd2bda97f4a502ac653f597dd74

SHA256
51b639495ed37e7730175f708f8a2d3f99fadf4c0da097094230dcfb6e4559e8

SHA512
f64c587bf6b715bdd9b521341c9dc0970cbf9029cc1bb9972402f908d08eaf7d788748426adae5c9b5aaf0d2e541bdb3b0d0d9e73bd98c9b1ca070d534f0617f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0e50b87bb1a31264de0fa11a17112c84

SHA1
3147a3a1440add19a5819a107b586137c936bdb4

SHA256
56ee110c2980cf5bcdb45bfa7b7c2087378453e52879c63a54b7fbe64ccd00c6

SHA512
a7f62b49dfd9500669ca912b8cf1f775f5e7f59514db2200b59c8da188b712ce141a2e22441d94e76d643215809077befba3fceeb37938b54ad7321bff254813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
689357f0795260f756d6803e8c2c6ef8

SHA1
01a91f3856e5127cc352af902e1efe4e7ce49eb4

SHA256
5175dc3ca8886ea179bbea4c4e23de2f10388394f8c4ee23bb5b49890cf2e4d7

SHA512
fff95f9a92a7effa999960c46ac0201f8874d564687219cb0a33c67e712b45e088f61ec5e82c60ee1c296c8b03af94897579aa79ad5bbb3e07906b9ffdefa736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1ac61d0506d621dd82b29fca328dbc8d

SHA1
67722e9ae1e579f50cea3c7f3c16f1203a90e503

SHA256
3ce2a8696245389b326ce84037b1610246245bb1cb376d59619331a9c2bd8f7b

SHA512
4dd1d39c34198862f3c7f92f5c5dacc9d0511046ebc806a3e1c51ddfde8932ed5e6cd887a7277902050b7594de5ebf25aaab0bfca7d90505c925338f31332be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
678965ea68daadee801ebba319bb3d5c

SHA1
7d9067cc972338820ff16f5f4f6ec44fab4c6886

SHA256
ed86a2503e9408bc239c47bd3aeab7d7eb1ae33d3f124b4faffe58292b2985a0

SHA512
fee6e9784f6b9263c9af9dce1a77f10592aab5116a1e1b4da5970271f4a46afb945d9ec1bfc201456a3a3cf05d719cbc5189f069677fe60c2a48fc51e738b6e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit