7da45d79f1271af8a422d76bcb9501c3a5148b1a826688fbb5f23603fb952e43

Analysis

max time kernel
32s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2023, 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

##Invoice 0179_2023.09.11.htm
Size

3KB
MD5

7ef7c92d9d55f3c493e3fd07490cb771
SHA1

86f5a9ae9491b3824718effb1aaa96a663f5f0d4
SHA256

60c27b44fb784391e056e15a346920559778702ed61371abf5e513485f3b7a19
SHA512

f191fa092e118925134790309f24b1b814aa7077c3157ebe3e3363b9f9f4f18f0f99bad7c39e6421aec7baac985f8fed72639788de5899d74ab734e766d5e1b1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133396084169552898"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2336	2340	chrome.exe	68
PID 2340 wrote to memory of 2336	2340	chrome.exe	68
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 1096	2340	chrome.exe	89
PID 2340 wrote to memory of 4460	2340	chrome.exe	90
PID 2340 wrote to memory of 4460	2340	chrome.exe	90
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91
PID 2340 wrote to memory of 5076	2340	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\##Invoice 0179_2023.09.11.htm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcb349758,0x7ffdcb349768,0x7ffdcb349778
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1728,i,14205691663939981629,6929032900467052739,131072 /prefetch:2
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1728,i,14205691663939981629,6929032900467052739,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1728,i,14205691663939981629,6929032900467052739,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1728,i,14205691663939981629,6929032900467052739,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3348 --field-trial-handle=1728,i,14205691663939981629,6929032900467052739,131072 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1728,i,14205691663939981629,6929032900467052739,131072 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1728,i,14205691663939981629,6929032900467052739,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3764 --field-trial-handle=1728,i,14205691663939981629,6929032900467052739,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5204 --field-trial-handle=1728,i,14205691663939981629,6929032900467052739,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3280 --field-trial-handle=1728,i,14205691663939981629,6929032900467052739,131072 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5436 --field-trial-handle=1728,i,14205691663939981629,6929032900467052739,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5708 --field-trial-handle=1728,i,14205691663939981629,6929032900467052739,131072 /prefetch:1
  2⤵
  PID:3076

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
58f4d6a2760f6327c49d1d89d3b57648

SHA1
b92b9838b19124da3a4db53e448e3487ad203a17

SHA256
5c54fb521bd6715679bb5fc52aa84eb29c0174314ec86c83cc46ed09247a8b11

SHA512
8adcc48c6fe0b85b7318c8bb51a522613b9947883d3f7e123015c5e9d988906718c24901fc50fc323312c906a12a3038b8f87c2f2ba6fa942f71b6ef83c033c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
21b568b62cb39baf84f4e95522eaa076

SHA1
527c46ab1c970a1e965bb080be4c57d7326cd81a

SHA256
bf4b23103a7a14f8e487775e087e90503cf1ceee952082c686f04ce52a52a691

SHA512
3ae197572ed80b3441f12ebad68eb20177fddfe3a156ff20af574de5038e92ffb6ac45adec9fefcb2f1af9c24ae2a214b24c90b0c93d2f1451dccf6d476ffae5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f5c00a7f016eb2b203a7cdbc452b80e1

SHA1
e5f85fa3bb53642646aab2207582824ce6c913f1

SHA256
3a947e148274e31385d817a9fafa77c5717e9cd730ba515e4f79940a1a1b808b

SHA512
bdf6728434874be4fdbb2c40fb7475be240ffd7711f6b5d681e3be01e36129807da7044c03fb039a6b48cd96c403be7e34273f4641cfebffcfd23bdf0a48ee39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
60b6312843baf3f9429884f9cb78a3c6

SHA1
9b868c07089d7408139707988e7d9e06fb5bcc6b

SHA256
8a60e024ef523ab9e3f9d4716ae57483d5a066029721ceb9905e7083c1a595fa

SHA512
7e9a33f3a820052b34bed59ad29276029cf8a0e67044671a743e773e6bfb3a181592113c3dcba3d06eca413b57a76e54fa13d9336f8cdd1c78de33bc0713117f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
15a460fb06868eea1fbd4b4b884e3ff4

SHA1
28094cd9f45e96582c52576b497680361bb216dc

SHA256
aefcb49f86bd21c6aa30734e0f0c1a33255da6052d5b5289062350f687c8adfb

SHA512
1615e91968c02f69c047e9e0ece032a7ce3606dc996bcf1cda08cfe9b54f14a35bfcc0a7d05f6a6ac9a47a9a688e5b8224cf74afdb5686a8c974b5c2e324cf6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit