hxxps://cdn2[.]percipio[.]com/public/us/custom-content/6b4ab482-5e98-4eb1-8996-fcffd6173f02/public/images/saved/d71226bf-5747-4b3e-9576-cb0b0bc16e1d/Icons2022_m_eng[.]png?width=370

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2023, 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn2.percipio.com/public/us/custom-content/6b4ab482-5e98-4eb1-8996-fcffd6173f02/public/images/saved/d71226bf-5747-4b3e-9576-cb0b0bc16e1d/Icons2022_m_eng.png?width=370

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133368642946560976"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4272	chrome.exe
4272	chrome.exe
4516	chrome.exe
4516	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4272	chrome.exe
4272	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 4436	4272	chrome.exe	63
PID 4272 wrote to memory of 4436	4272	chrome.exe	63
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4920	4272	chrome.exe	84
PID 4272 wrote to memory of 4860	4272	chrome.exe	85
PID 4272 wrote to memory of 4860	4272	chrome.exe	85
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86
PID 4272 wrote to memory of 1976	4272	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn2.percipio.com/public/us/custom-content/6b4ab482-5e98-4eb1-8996-fcffd6173f02/public/images/saved/d71226bf-5747-4b3e-9576-cb0b0bc16e1d/Icons2022_m_eng.png?width=370
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc5169758,0x7fffc5169768,0x7fffc5169778
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1880,i,5397033631831655964,15988094363718816676,131072 /prefetch:2
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1880,i,5397033631831655964,15988094363718816676,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1880,i,5397033631831655964,15988094363718816676,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1880,i,5397033631831655964,15988094363718816676,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2816 --field-trial-handle=1880,i,5397033631831655964,15988094363718816676,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1880,i,5397033631831655964,15988094363718816676,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1880,i,5397033631831655964,15988094363718816676,131072 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1000 --field-trial-handle=1880,i,5397033631831655964,15988094363718816676,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
899B

MD5
bb9eecce38fbd4b425d09c9ffe69f2c5

SHA1
9d9dcc4399b07e291fe2b251ad2db5bbf0d8af86

SHA256
41563f6eba4cd0e6c1cb45dbb6db51f0e60749208a38d7ef7a2fa2ecb7069057

SHA512
778b5f62f5e6ecc87395a8cce8124faa8139c23fd3856169ff215527f8daa705fc39f9a783151dccb6df6bf55f1bb5861a8fb3996d9476524aaf83968003c14c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a47e30126af35eb5e71643916b5a5e18

SHA1
8a6f825879a6e3e12df643259fbb49aaaa4bc552

SHA256
60618e82b4b5119576da4775ca79fbad953ed3e4023009f8ab588f044c3f6f17

SHA512
3b3deb217e351b8cea86d24c0a104ce17b525831a0eb7c34a22d269f17916e5ee45ccc28864c979ef816dbb685b17206ee0aa90c7ff7a850280812c8dec682f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
d4067b886c16bc11b618e766df4cc220

SHA1
9bb2510be9eb1989c1c3f10c8222b982a8ac4d27

SHA256
05c1dc94e4e89ffc05a79a31371629a70bdc12f5dc2ca91d0cf82c72cf50c891

SHA512
f93179263e03942120c8a1f6ee4b35a3fc0d44e486a72b549e92ae052c341381e060ed7792bc3d61cbd21c7e9fac54ac92bb4e8d4475c1bb2e391bac3d6a174a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit