a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2023 13:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XYzNwUU1sWXhOWEV5VjNNNFZGZFRSbkJrZVU5UVRHMTVSSGhEVTNnd2RqZG9iSGRHZUhkeVFsaFBTMHRzVTFCdllqbDJPV3A0ZUh.gif
Size

43B
MD5

07fff40b5dd495aca2ac4e1c3fbc60aa
SHA1

e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
SHA256

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
SHA512

49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
1476	chrome.exe
1476	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 1480	2176	chrome.exe	78
PID 2176 wrote to memory of 1480	2176	chrome.exe	78
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 3984	2176	chrome.exe	80
PID 2176 wrote to memory of 1112	2176	chrome.exe	81
PID 2176 wrote to memory of 1112	2176	chrome.exe	81
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82
PID 2176 wrote to memory of 3856	2176	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\XYzNwUU1sWXhOWEV5VjNNNFZGZFRSbkJrZVU5UVRHMTVSSGhEVTNnd2RqZG9iSGRHZUhkeVFsaFBTMHRzVTFCdllqbDJPV3A0ZUh.gif
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd2fc9758,0x7fffd2fc9768,0x7fffd2fc9778
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1888,i,4116197173708135772,9144177528016935525,131072 /prefetch:2
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1888,i,4116197173708135772,9144177528016935525,131072 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1888,i,4116197173708135772,9144177528016935525,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1888,i,4116197173708135772,9144177528016935525,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1888,i,4116197173708135772,9144177528016935525,131072 /prefetch:1
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=1888,i,4116197173708135772,9144177528016935525,131072 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1888,i,4116197173708135772,9144177528016935525,131072 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1888,i,4116197173708135772,9144177528016935525,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1476

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
eaf9455384ea0686943443785050f8e2

SHA1
3be1d441ac844127b98e34138106b98bd1a2bf02

SHA256
127b99cc4200327851a1dbd55fdd6d88584bfa80e2da58fc49323e5c52f0d6a1

SHA512
86eae06195473e68917d709bad1204c58e148a8da8e82d4e55733379d17b1d3e84497ee1f1f0c2d49451670ca21e448e64c9f60f1fbe2f9eaf26cbe8fc6f7984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
783e4c7f720bb51d9fe6713064018451

SHA1
5e39917881a9d00a2875b158a3814d690badc8ea

SHA256
7124e00add42b328110fc5e1b4cd48057bd5902c12bade4cd4ed956e013f9d45

SHA512
0919afb598290d53e281b40c8c1845744d1e7dd98155c78417fc806cc1838eea0f0b76bbe8bc16c6f12c6e36f706830c1c41dcff24b427de7053cd072dc20e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
abb3a5bb2a1b7dd9a8b6e4f730470a47

SHA1
e28ed45dd2a3e559df4fc5ae757fcafd02033548

SHA256
fafa8e1dd7cefdc9518ce08999fc0250e622f3617347c110f07e8865a632d93d

SHA512
05ce87d96d961e090cf0f8e5ce90172aa8a1c987af5b145d0cc9ec6260a3c2eef20cc213b157d1f65894a852c473a72512a2431bb89162e3a304babb343b3b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
9fc050cdb4bced1e353b032af807e1da

SHA1
00dc6cb4694c2870596af082a21f223ed167fddb

SHA256
e99cccba5a87c2d5ab8fbf8b45096039df22087e5b96b8ac2addf32c5b1a28ec

SHA512
1c6aa06af3bcac3cc5305ae092e33454016f77318e351cc02f7c4378a18b39777a5895d448777dc5b517a20178ababdcd1f26c5d9a9117c78c24679e0351b7ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit