296d61d267274ee792e0675c2b4bb056382dfab82896ea88453d57b12a2460e3

Analysis

max time kernel
299s
max time network
276s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2023, 08:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

409d598c4d5d1ed82002ee3229231d4d.html
Size

134KB
MD5

409d598c4d5d1ed82002ee3229231d4d
SHA1

d1213dfd032c41f6b20edb5a9dd490176ffc9e0e
SHA256

9674dcbf1726ffdc478338c9db4625a15a9b6a31fe69db6554c5b9bb899de0a0
SHA512

f51c04cd621472344e928561df57e79769a73e7685a8c0fd50fe4b9810383bd217a0dba3fe9ac1fc54fc701fb1fff341f5cb25626e1271ea14db66da69a96646
SSDEEP

1536:Ox4k/rWu1aPLz4jv8swLE8WLwXCM5X6PW4WD7qjfyRQx4Hx4MQyIMe5Y:OxHYuMOxWxb8Me5Y

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133374256712197000"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4056	chrome.exe
4056	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 4744	4120	chrome.exe	83
PID 4120 wrote to memory of 4744	4120	chrome.exe	83
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 2724	4120	chrome.exe	85
PID 4120 wrote to memory of 1508	4120	chrome.exe	86
PID 4120 wrote to memory of 1508	4120	chrome.exe	86
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87
PID 4120 wrote to memory of 3368	4120	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\409d598c4d5d1ed82002ee3229231d4d.html
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe31c9758,0x7fffe31c9768,0x7fffe31c9778
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1872,i,15601904568355611008,5811577530034822433,131072 /prefetch:2
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1872,i,15601904568355611008,5811577530034822433,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1872,i,15601904568355611008,5811577530034822433,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2736 --field-trial-handle=1872,i,15601904568355611008,5811577530034822433,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2744 --field-trial-handle=1872,i,15601904568355611008,5811577530034822433,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3552 --field-trial-handle=1872,i,15601904568355611008,5811577530034822433,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1872,i,15601904568355611008,5811577530034822433,131072 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1872,i,15601904568355611008,5811577530034822433,131072 /prefetch:8
  2⤵
  PID:2720

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cab69003a077182296901acead686bbe

SHA1
d5e1f082d881f2b2943a8643b2de59551df69497

SHA256
066aa3cdbc920ca9434b7b2ec7f7d38141fb49c04f10816574d74feefdb2a294

SHA512
eebac04eaeff4f24c91dd581896ad434f2a734f24550209e48bb94d8b7cda311668a41452e6785ec46f86c4d67a1ab2fff2d1971bce261f6b3d263cbcb565a63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
702B

MD5
aa89558c8c47315474a35bebbe3c31ce

SHA1
f370c40489f911bed5bf5435998ccb9576e0b6be

SHA256
83ecd91cc627fb83f592a626274f47d52cbdf4be4d59acf957df6e79ae474989

SHA512
b9d262c9a0cdec45360568a14acbf13b20bf1d39e317ba6f8b71520e91a106f413bf83c89dd7c7a6333903b32246fbb930502795d3d90ba9c7a58b8231db0edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
642d5edbb3821d8e16f152f5db722368

SHA1
ccd034ba52675e9d6262e480ba6b5c72b6253c72

SHA256
bb83f44d12bf4d9f98b18d14086a51a2fd5512005728c4454050c7f7fdc5469f

SHA512
1efb4b0d6ce870945823f96e8a76b6b47ca41218188e7076d0f6a5753a276f08b6bd0c7ffe31bd0f43f305131220b2a413d2998d48c164d94561041b28d0aadc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2ae2314d171166b84481b6a468b0b801

SHA1
5ca65a8f3ba8a0547957001845ef7521391370d3

SHA256
b15ddb0d1c50c533681fdc04a03b28cd0fb7d5541e832e7e85a313bd5ddcb27b

SHA512
1151a671ec18580536f45d082882221ad80df642ffba4cb5dd82a2726280d167e83d14afa6721b25ffbf08219ec400bd7aa4e0337be7722e097ce6c5abdbb088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
13433fa493fd8c7c2856072c1d8dee5e

SHA1
b3ac4d69006fddb9e973a995130351e13b4a4220

SHA256
d484f96913c4f69066b3f86e770ae24743af467ea291bad622f4471ac67edb6d

SHA512
ceb6c4acfb2adb4415213cff8cb4945c485b199f9d681b4bc173466d44cf0b430efd246f3c76e77bb17d7c92559a623255a638416fe7061e948abea7117a4f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit