76139c2819feb347d3d46e5526e83297e1d832fb843bf4715aca49f9280e53bf

Analysis

max time kernel
1199s
max time network
1165s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2023, 04:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

securedoc_20230824T144700.html
Size

1.5MB
MD5

4db3ba932a596bcfb3122aa31e925e2b
SHA1

27e8d61efa665bb209e4fc58488a60338494a0b3
SHA256

76139c2819feb347d3d46e5526e83297e1d832fb843bf4715aca49f9280e53bf
SHA512

77fb7fe2bf9a3b08fe6d184e2b9220469104115bbdfa4365907f102bd22599de1073adbc06a3bd9a1e32eeccca42380d6843bd99841e290b91820de7ca71a3eb
SSDEEP

24576:cWDWDRRmO9PQSGkyoROTnuhXUbNzbyqwZPln8i8WSUGdeN9WTJhxB10kMg:SFQS+NqGsuHb7

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133374101909578192"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4000	chrome.exe
4000	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4000	chrome.exe
4000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe
Token: SeShutdownPrivilege	4000	chrome.exe
Token: SeCreatePagefilePrivilege	4000	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe
4000	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 1280	4000	chrome.exe	31
PID 4000 wrote to memory of 1280	4000	chrome.exe	31
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4504	4000	chrome.exe	82
PID 4000 wrote to memory of 4416	4000	chrome.exe	83
PID 4000 wrote to memory of 4416	4000	chrome.exe	83
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84
PID 4000 wrote to memory of 1656	4000	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\securedoc_20230824T144700.html
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ff858db9758,0x7ff858db9768,0x7ff858db9778
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 --field-trial-handle=1900,i,12599949524263002421,893478401405294117,131072 /prefetch:2
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1900,i,12599949524263002421,893478401405294117,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1900,i,12599949524263002421,893478401405294117,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1900,i,12599949524263002421,893478401405294117,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1900,i,12599949524263002421,893478401405294117,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1900,i,12599949524263002421,893478401405294117,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 --field-trial-handle=1900,i,12599949524263002421,893478401405294117,131072 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1900,i,12599949524263002421,893478401405294117,131072 /prefetch:8
  2⤵
  PID:320

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\93d3866a-5075-4a62-b171-f45bd60f4142.tmp

Filesize
87KB

MD5
51f6b8152f52e7e1f1a915fd165f313e

SHA1
0f479528f9bef13e09f59f09f639a90522a56c2d

SHA256
7b55b80154969943c044d1cfd9e2b69ec78e5e4876112dff9c33f08ceb84e786

SHA512
c1914bd42fdb190293892b85387d78a1039af9cc169f5a3976468b4132341020c5e43916c73182259be3ff5851252eebfddef96516b62c43b67c456b1ac9ba94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b2c4e77930f27ab1668cd8fd8e8de2c3

SHA1
c4aa76db602687a05d3efd80feb0b3ab7af08130

SHA256
b3d4dfe3ac0382e395c7a3a57c2bbf99b753ca741732909f45826a953232f15f

SHA512
143d3594c5d6fb60e329e1bf7682a62d1922366ed55d296ee2ec5dd0016afe10a495f750c401c9341aa867bb455a46f9e7ccfe3bb69c6ba32b099996fdd5c936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
728f2d38bd18c5101aaed223539248c3

SHA1
f3ee2f2fbdc3295444b9dff5eb30a64f4712a5cd

SHA256
82d6cfeaf04a35a2d86e6ab32514e9fcbb7ea4ff2b5ab208e072ebfc8a38e109

SHA512
301f832a54d7b8f2c2aab6d1ad3f27305c674499dde145f13719d0b2d95329501ef929139be87f153dbbf270ccb0925561e2c448611313dcce60c6d1d99ea7dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
ddf870615f86d872fcd2c3a823cf54c3

SHA1
26c413f6002569c2ca6cbb40a4625dc5a61c4de4

SHA256
cfe8eb4c6021ef8f8e78b3307d2671ff1a9a87ef81c5de602ac8bf1e801889db

SHA512
49b2814a74375c1d469deed2a7792cd6013e59114b8c81ba3c01e0c86caa85456a876955e774707ec1abf82c6d844b0251956e07df28908f9f8e13ff15808869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
84705017dea26ed51f13380a9f1438d7

SHA1
19a0b8c154fba52224e707e5cd0a5950ccc11c85

SHA256
4bd5479731176e719dfcd4a84f2b0f0264691ab176a0d03f7a93ddc19e3e363b

SHA512
e260f39a7d9a6f0ea17e4a4f1f9c41bdee05660481d243bb394deb8be6a9478bebeeebfff6d352edfb99a3ebc2d8e3dce99ffdc52b778d08613d2d03466f2278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8b2913b8c8c641a86da63891fdf056d4

SHA1
6682fd34a29387e14b834047121750907767c82e

SHA256
cd4ec534fbb5963ac7a17eebdeff8371ca4f2cbfb6686afe72fbdbb87b9e39c5

SHA512
5ed9102a734a05fe2a5f8742311e67a19cffe6ad1744c070e0ee924433fe244bc38a17de1993d4d2db93d1a030018d3f9cb6793bcc3160418982bdd1d3533edf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce529fb583860c544631d82fa341e873

SHA1
1f52652579c30e930a15633dd6c7530433e13616

SHA256
ab1afb491aa7d300274307169aee1b443d3601ce82d3ba25d6b1683fd4bd7081

SHA512
c9435f82186196f96f43373d412e35a6a3d7f292d8d9fca925d35058b829812193b82d2d8a627432a5bfdfc82b83fc5ec17d8d87465b37c6e30d749c98f79d98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit