hxxp://harbisonint[.]com

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2023, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://harbisonint.com

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133373744118614316"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
4164	chrome.exe
4164	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 3464	2316	chrome.exe	60
PID 2316 wrote to memory of 3464	2316	chrome.exe	60
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 4480	2316	chrome.exe	84
PID 2316 wrote to memory of 2908	2316	chrome.exe	83
PID 2316 wrote to memory of 2908	2316	chrome.exe	83
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85
PID 2316 wrote to memory of 944	2316	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://harbisonint.com
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae3e09758,0x7ffae3e09768,0x7ffae3e09778
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1876,i,7735595234614902437,7137616287005060247,131072 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1876,i,7735595234614902437,7137616287005060247,131072 /prefetch:2
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1876,i,7735595234614902437,7137616287005060247,131072 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1876,i,7735595234614902437,7137616287005060247,131072 /prefetch:1
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1876,i,7735595234614902437,7137616287005060247,131072 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4820 --field-trial-handle=1876,i,7735595234614902437,7137616287005060247,131072 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2904 --field-trial-handle=1876,i,7735595234614902437,7137616287005060247,131072 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1876,i,7735595234614902437,7137616287005060247,131072 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1876,i,7735595234614902437,7137616287005060247,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1876,i,7735595234614902437,7137616287005060247,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4164

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
deb545340ce6731b9bc294edd275ed58

SHA1
93377608e3b9c8735efaf28e8a2f98d97c56106a

SHA256
dd4ff1296e8ad5994f2cfb8a7a008853a83e6d31bd14165dacdf7864c6ffd16f

SHA512
b9b175e07f11a42303ed8692d083f6b6d06da2b5681109e74b98e3571c104e138967d92ad149ca2be0d49edbf3a85a1fd6fd9a30a0f7bab494775f493d8bac27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
23ed6859314525522309d63151039e5a

SHA1
ad29ba150f65226246f4b2e35898113586dc5704

SHA256
0638af8322ec2a1497e6b257a10b8d84deed7da12421ac6f86fdb442215a20ee

SHA512
9ddc2001cdc90ad11a9ae090ff76e06ab80f022d88eaa756c5973570104df771cd43e66077dd26860a1e2e18aa7280c5c909bc7c209e6416c46e75e55f8fdd56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
bd4eeed97b1f41e7c2ad52213a0e407b

SHA1
c93d94325cfb766ae17223f63c0fa4869ae9f172

SHA256
5b88659e9da4828362a1f4381d480273134ee4c22d0c7bb224d88bfac2adfd39

SHA512
b56979e5bd01786c610f455a20d49d42cdba272e490f5f243f98654f5ba7a8adb4946bc2c741a106080954c23117896370f42bc8956c3b4a130d4fee714c9c42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
425be3028a851340be0e18d250fec21e

SHA1
f483678f55b2573b56ce5f43b07ff8c8fe8ea389

SHA256
152e42b5ea87bda92738e66e2b3791e3aac62682bc40a73ac1343eb7da340376

SHA512
e9992e004c2b0bc94ad9dd4be1d46a33cef20b215a14b8dbfc632eed5793b0ccb7d274ddbcdd9bd3b395f2fc9406e98ede8c71e063f49e3d5c6af455f470e821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
30bf863cd0e9843a0975fd7b2d32c92c

SHA1
a1ea8c2b7a9947106ba11935a6b35bc3f3346b90

SHA256
f23026f8b8ef163e1fe0b184f8f404afa2cfe25d654d1904d7dc156ec41556c3

SHA512
8ceceaf1e6f6d4b30090eb6dbfb0585c5c69dfa8d3652579eb691cd4197d599a7a1ec8880b6effc4d7feebe71ab3a4ff3386651cb3a05ca186e25e6a1e0f6fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
b5013778599aeb746a52e723ba45acae

SHA1
4254d40b6ef8a2fde16fc8ade147bcf577e0f339

SHA256
a5cd1d85fc914d69c563086f46e37a98cec5c4cbce1c95a8192e43baeab40c96

SHA512
f6b15096d0ae9c42088270f9e655d6e7ae192c0537cd96ec7d1f4dcb53a6b6b18524526551b723ae1e23788ec3314357541b3f87d6d6e301edb418ce31eeccf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit