94252f6e0486eeab401214f0500cf6ca267de510a51b7f3e5ff38693a96e654b

Analysis

max time kernel
22s
max time network
69s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
05/10/2023, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

-temporary-slug-593f04b0-7fd8-456a-90f9-8b029100a8dc.html
Size

47KB
MD5

6825c5612f55ba7b8c04b58d1bbfcd08
SHA1

662aa3cb98a9468855101861b653e6e1acd34f71
SHA256

94252f6e0486eeab401214f0500cf6ca267de510a51b7f3e5ff38693a96e654b
SHA512

9ee8e6d9f7e14a755abad78846c1344d0ccb753be25cba2958724004755543dd42e9582a4924ea9be7a75693514a488663dfe651730b337ba35e757594b10768
SSDEEP

768:/h2L4JiYyiY6iYocniiYccWBfVfk57AFq+iu7a+wiie/cPo:/A4w7b+i2a+wiie/cQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2096	1368	chrome.exe	28
PID 1368 wrote to memory of 2096	1368	chrome.exe	28
PID 1368 wrote to memory of 2096	1368	chrome.exe	28
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 1992	1368	chrome.exe	30
PID 1368 wrote to memory of 2744	1368	chrome.exe	32
PID 1368 wrote to memory of 2744	1368	chrome.exe	32
PID 1368 wrote to memory of 2744	1368	chrome.exe	32
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31
PID 1368 wrote to memory of 2668	1368	chrome.exe	31

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\-temporary-slug-593f04b0-7fd8-456a-90f9-8b029100a8dc.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7239758,0x7fef7239768,0x7fef7239778
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1376,i,6630926818682584628,5344692623819934698,131072 /prefetch:2
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1376,i,6630926818682584628,5344692623819934698,131072 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1376,i,6630926818682584628,5344692623819934698,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1376,i,6630926818682584628,5344692623819934698,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1376,i,6630926818682584628,5344692623819934698,131072 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1376,i,6630926818682584628,5344692623819934698,131072 /prefetch:2
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3560 --field-trial-handle=1376,i,6630926818682584628,5344692623819934698,131072 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3676 --field-trial-handle=1376,i,6630926818682584628,5344692623819934698,131072 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1036 --field-trial-handle=1376,i,6630926818682584628,5344692623819934698,131072 /prefetch:1
  2⤵
  PID:668

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97909d428a3038302a0ccb8b25a4efc8

SHA1
29ff31fc822586504599351492d2fc4fed536927

SHA256
f11f2970dcafa0daf2a6e474d9d036938aebdf8801d45d740527350589a65e3f

SHA512
c0a05bf4d19152f8c0351ecc1dd1a193953c4a767ea322d2eb4fc29338c1bc01b11adabdcfc7f9a9e18c8595b910900262ba30a6423ffdde683ac2fd49e180b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4bc6b54cc201bcf209da4c2bb64c6f70

SHA1
2c8da246f9e9b7605d9d9571408bfff14c08f3f5

SHA256
b44cb98247a008cc5c2f00fc3b69ec9df4a617a95c6ee1d4ce9d9792c30b910e

SHA512
0b629824deafea861ad4000eaa880a4de8f780147433a53327e9f7b7d17268156b46718d107845f53337c580fcd533f5bd55420dcb2d796e67fe25853fd5972a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\37b6b6d4-4df2-40ef-83d0-d58189d0c2b2.tmp

Filesize
4KB

MD5
0c65c1554a3d5497d04c53c351e8ba25

SHA1
921e269eab778638c88264f4051313366c9a135f

SHA256
179226279fbd4f56b94e8b499af4a647c2b830e1a393c6c4a2e2f3fd14f3dc67

SHA512
93080f603b1f429fb52586171bb077ed13965e1fe278e4efe66df73ea7f49a5bdeee40397281138cfdf60b6a8f8b54df25082c3d7c1ccca390984ce3d1d4b0df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
20KB

MD5
533e6b37eff461f4e377dd60622b7c34

SHA1
634e1d8ec486686c39b7719344b1eeba915b9ee4

SHA256
d5cf41b17486452e4abfac687c57847219f5c27c234d53fad34a502793094805

SHA512
db4698b04f2130c7063bad69f74efd119ad0960d9720dd6a1d59c04efa82ca9c3f69d89d8675d73ce6f80fb20c5a54e4ca875db8f0c649f12a31d31784108012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
bcd431444b6d5b8f32cf9ca7a1278dc8

SHA1
4543a6c115f0978d39c4c6af569a79b41cd391f9

SHA256
c3fd59b3d596423dccd17708a97be78bf2824ac30e3848c54ae57e1e43c5cfae

SHA512
e8d1c8004fc8cce019e52e33cf645b55e804014f070b4eb83441e3d901a5c5442483263983df2979c4dd57e4c1469c3c8c65de2b0383e1b40efae056ba7ddde7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
c479366afc6131492f0f872fe6bb7431

SHA1
90b1f46f5cc371e63cfa1962190eafc16b6e49be

SHA256
f4ccb608bb4e55e3533aefb4866e8dc8c3267b96987d5ecf504faf092f0534b9

SHA512
e0fed4e4b5559ca24e2fd2d7c3259b62cc56a8a4e8a0845b7a8caf238bae0376ecaa90be71507b7944a4ec26aa72068264d09e38329a529f117288a47a16507a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
7474f3aa8e00c96678ee07b3bde1c1d9

SHA1
2a245905e86aa08ff530b4c135984b12b9e479d6

SHA256
9893a3928328e1418362dbcaa225f9ecfe1b32b856f8fb69ec16776486de591d

SHA512
aeaa8999f6b154e27622c1187dc6ce611614cebed44340e93d3f0afae7ad50b41c1a6c7752d284d0cbf19bcc6d5d389d4a4f9026ae34f5ce958c2d20b0e38465

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab58AB.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar58AF.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit