hxxps://fonts[.]googleapis[.]com/css2?family=Montserrat[:]ital,wght@0,400;0,800;0,900;1,800;1,900&display=swap

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,400;0,800;0,900;1,800;1,900&display=swap

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133372500853696066"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
1472	chrome.exe
1472	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
548	chrome.exe
548	chrome.exe
548	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe
Token: SeShutdownPrivilege	548	chrome.exe
Token: SeCreatePagefilePrivilege	548	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe
548	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 1396	548	chrome.exe	82
PID 548 wrote to memory of 1396	548	chrome.exe	82
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 1284	548	chrome.exe	84
PID 548 wrote to memory of 3304	548	chrome.exe	88
PID 548 wrote to memory of 3304	548	chrome.exe	88
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85
PID 548 wrote to memory of 3760	548	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,400;0,800;0,900;1,800;1,900&display=swap
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfb649758,0x7ffcfb649768,0x7ffcfb649778
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1916,i,13811491502290363314,14896168452813118760,131072 /prefetch:2
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1916,i,13811491502290363314,14896168452813118760,131072 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1916,i,13811491502290363314,14896168452813118760,131072 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1916,i,13811491502290363314,14896168452813118760,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1916,i,13811491502290363314,14896168452813118760,131072 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4636 --field-trial-handle=1916,i,13811491502290363314,14896168452813118760,131072 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 --field-trial-handle=1916,i,13811491502290363314,14896168452813118760,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1916,i,13811491502290363314,14896168452813118760,131072 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 --field-trial-handle=1916,i,13811491502290363314,14896168452813118760,131072 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1916,i,13811491502290363314,14896168452813118760,131072 /prefetch:8
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2592 --field-trial-handle=1916,i,13811491502290363314,14896168452813118760,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1472

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a1d725aee8be5792cf46fa0f691f6928

SHA1
f5717d187bbf05abc3d4ba08b5c382a40ddb6002

SHA256
8f9285efa753f4217c84919100d8895fcc76c842a022e56762a28ef8c90ff537

SHA512
a0158c40d892de9e522b6c0392ab6c7ab1aacd0899cdbde726e93f97d35c6b8886f1d7710df0c7ec7486a013133714f45a196938d0fdee92fce575895a14dd89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
0d690b557fa08402f3d680839c5bddc4

SHA1
f01fbebe343c454b397b3b5ba95e57a52754203c

SHA256
5e522551abd17994046fe3ed73c0e0dc47ab6d49132eaf47655b5c13e278e622

SHA512
e88473a00986becae344cee28e538651ed301271f57f911fe219b921ca3eace1555ab32027dd91ba1d7cd4aacc4b0e425505c15716f929ac644851ed0be199c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
690bfc834ff9a1474adec77fbb77e7dd

SHA1
7ef269624912427aea7780bf47bafc144686d0a1

SHA256
ab06c6a251c587b87aa6c72de39a87f5fc6c073d2f8c22cd8faba1eee5695be7

SHA512
33cdd7dd7ca5ef763a92611138a2136633f53878a87d4d9477585d79ba90ec93e676187d34c77f134b8728b5bbd060a2e4b29a92d9ab9b5fd6e205aaed9fcec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
d048d305b419acb2236ec0868bba15fe

SHA1
19bc14194c363305b6112655045f56a231209c34

SHA256
b70d554a075648d00f7f5bcf916ad2f951bf3c25b5867849b9e62eae2e7e4b47

SHA512
8cf1bc856f0cdfb100f71226a2e75ad22d8ab127129407c111365e1e0c1795dba0266a87a7712e15bb631d44a4dcd46f6620f4b6b5c743f408ca15f676610e5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
6e07480ea54f8ba1111123eabb2b3501

SHA1
23208ef4ad371a6ff3af5dce791d5a18db9045a8

SHA256
9a33fa712019a30e033901b6cd54d86f0567d195feae2865d096432701480e0f

SHA512
bf27724f62893031ced21f95dce1e2ef4096ce5b4c1683df7cc6a734ed5b86c56378152b44df450b070b789ad07bed187ba0cce69db3a73b1ad04d1e95502411

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
7f498687b7d486930e5c4133467024a0

SHA1
3a47a2ecc30029adde0a2a2a5ee49987d1dac863

SHA256
b894cfe384dde294a76ed117824fb0496c3ded9ef6eab2dec1f836ced751236c

SHA512
4a353278da5f08f8e9ad3226984d579d5a942e90cebb24fea59cdac07b378c83490ff579539e120984ed892e506d23cdf867abe71f30459263ffec79c9760d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
b84b016d373f6d25115359cb6e92094c

SHA1
67d0421721cd182ec55966d70a6fb29ca82ecb2c

SHA256
420b43d219e3235d94aa9241f006817898686003ae467c4ae32baf2e59774bc7

SHA512
f08970ba918b6091a7050e54633e3e615d2aaf7e68ee894781e32c6e5a874e8d358b422096d7603d00bea18ccf9f3d3974b249848587ed142c6d55a4d38856e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit