hxxp://https%3A%2F%2Fwww[.]technotrait[.]com%2F2015%2F11%2F23%2Fgoogle-sandbox-penalty-checker-tool%2F&v=qd28uFeQCeE

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2023, 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://https%3A%2F%2Fwww.technotrait.com%2F2015%2F11%2F23%2Fgoogle-sandbox-penalty-checker-tool%2F&v=qd28uFeQCeE

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133358928926383531"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2376	chrome.exe
2376	chrome.exe
2264	chrome.exe
2264	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe
Token: SeShutdownPrivilege	2376	chrome.exe
Token: SeCreatePagefilePrivilege	2376	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe
2376	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 4460	2376	chrome.exe	82
PID 2376 wrote to memory of 4460	2376	chrome.exe	82
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 4876	2376	chrome.exe	84
PID 2376 wrote to memory of 3548	2376	chrome.exe	85
PID 2376 wrote to memory of 3548	2376	chrome.exe	85
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86
PID 2376 wrote to memory of 2108	2376	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://https%3A%2F%2Fwww.technotrait.com%2F2015%2F11%2F23%2Fgoogle-sandbox-penalty-checker-tool%2F&v=qd28uFeQCeE
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x74,0x108,0x7ffcfff89758,0x7ffcfff89768,0x7ffcfff89778
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1884,i,3738534470116639129,5229968524335026405,131072 /prefetch:2
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1884,i,3738534470116639129,5229968524335026405,131072 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1884,i,3738534470116639129,5229968524335026405,131072 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1884,i,3738534470116639129,5229968524335026405,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1884,i,3738534470116639129,5229968524335026405,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4084 --field-trial-handle=1884,i,3738534470116639129,5229968524335026405,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1884,i,3738534470116639129,5229968524335026405,131072 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1884,i,3738534470116639129,5229968524335026405,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1884,i,3738534470116639129,5229968524335026405,131072 /prefetch:8
  2⤵
  PID:504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1884,i,3738534470116639129,5229968524335026405,131072 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3704 --field-trial-handle=1884,i,3738534470116639129,5229968524335026405,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2264

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
982B

MD5
beffc67c6a84087295593391858b68d0

SHA1
b9bb47c25785434f7d1ffdffe74e02f5f664aa4f

SHA256
5dba56c965ab1b26cecb2b30d66fd88a17cf60fb8b6bc5a4408a12c938fc8a93

SHA512
50a877d287824306ec27d186d73640cd2bb108259c91c25e1fa5fc4711d7ed6fbd36561ed21c6d944295d154cd194f8c8cd5044addb3955405202dc6f4fd68d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
3133a1af4712cd78e421076e0d1a3cfc

SHA1
0efdba1baf87d3ff5836e50c4aa079e48a27f240

SHA256
20b819ac91c15b65424179a22e68ddff6768091fbd3c56bcf7885412b8863157

SHA512
7fb1667f5151a754e7279305c9eb6a23c6c0e40ed032c21560836bb4e25ce82026631ec823ec78ffb0541a388a368c5c4723f397b796f214763d46060bb6b3fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6220190b346d21cbbeed2b1b08780ac6

SHA1
5069660daf6df11f14427719937d45d68faafc31

SHA256
b7bebb128402c93a884a55f66f3b505e18be1cde2d8aa70eac980d3845d5b6f8

SHA512
6f3d9a26cdb932648ce275d3ef254ed1b1fc71169464b9ca647c03b2a259baf484c9dfca677c63fe396ed5fb827bfc6e7cd940414db48179330561eb6f67dd8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6944a61ea3597889167f75ce45fba820

SHA1
7e57a91490825996193d570e755c0474f15df4e1

SHA256
c1fabe3e06f85f65a1da11467c909ca7a2c0644bf0cdf7fdc5883a0de4e0a89a

SHA512
c4f2ab56d51d7e4d7c71bdf78832e402aca6b1f8e96de7669d9278145448be00fc9b34afe20e4c48a1e2437207b4ba18c94572be20c32fa5ac4a29582cd0e990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d9244110342f4824a20d41f8b96bd6d1

SHA1
e01f83d5db6da4f01e86c849f79cb55039da07ee

SHA256
b507b840207eea6ae2140714d3d57864ccee63322ffdf714abbf92a514425428

SHA512
d855acb87a0ad86cd95bdeb05d0e97635fcae784d24098248d319edc7a4631081a32818cd5527952f258c4ec726865feadd9ca1a0011f259fe33949a527ed62c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
b778594274327350794f19d0df99793d

SHA1
a8742814828cf7e47e3b1c1efe1eb25dadef453d

SHA256
fe2a84b5d7bcf6aebb57baefd928444ca203f7c59b888d9913b4a0d055229871

SHA512
8b40872607028a89627eb3c5edc8ad9d758a906a6da2f2011bae15048c59012f85378a13003471fd8b5a5edca376abdc01f849c09dc8a5484dc0fde53799d097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit