bfa15cf2c676dc29bce4b99c7a6450db39171a0bba099e2490812876db8df1cd

Analysis

max time kernel
311s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 16:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

116KB
MD5

e63a0dc291903a17d7f3eac35219ea30
SHA1

548c77aea13b4affce6f1fdf8fa97345bed0aa4d
SHA256

bfa15cf2c676dc29bce4b99c7a6450db39171a0bba099e2490812876db8df1cd
SHA512

bdbb8085912a276d8753be13f7d6351b03fd2c0ffb38f7ae395f37abefa7487fcb0b24235ab044eb24534156596b92cf6910c936bbac3772c6be5a3501111359
SSDEEP

3072:OPJxlKJi1gJirnJ/Ub9Jxl6JxlNJxl12is9bjANo/0RqB/eaG:mJx8Ji6JizJ/YJxMJxLJxX21jANosRqg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133416876776058469"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe
3892	chrome.exe
3892	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 4492	3068	chrome.exe	85
PID 3068 wrote to memory of 4492	3068	chrome.exe	85
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 212	3068	chrome.exe	88
PID 3068 wrote to memory of 372	3068	chrome.exe	89
PID 3068 wrote to memory of 372	3068	chrome.exe	89
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90
PID 3068 wrote to memory of 2072	3068	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffd208e9758,0x7ffd208e9768,0x7ffd208e9778
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1872,i,14225018141947189713,13031030582686768254,131072 /prefetch:2
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1872,i,14225018141947189713,13031030582686768254,131072 /prefetch:8
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1872,i,14225018141947189713,13031030582686768254,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1872,i,14225018141947189713,13031030582686768254,131072 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1872,i,14225018141947189713,13031030582686768254,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1872,i,14225018141947189713,13031030582686768254,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1872,i,14225018141947189713,13031030582686768254,131072 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4724 --field-trial-handle=1872,i,14225018141947189713,13031030582686768254,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3892

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0d988f3a3190dbd579e1616c0060c76f

SHA1
157dd4454bf31081481af909e1ae01ff8bd50e2c

SHA256
bbccb8c41500541399e0dfe8e3f6e62a286e312c301d1a23028ea7c284e67cf3

SHA512
43d0a816f8e821381d53983fd684807978e23066bf1cd0677ef5b01fcbd7268f9049a09ef2599331ef5ee8bc38c335bf730abc900b2b40a0e93e6b537ac38d3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
87876d6c8519edfffe32b35ad9dc7e0b

SHA1
413979fa5fb4b128c6c593cb0d16ad9e06b2bf3a

SHA256
329c3b4f494074afd537e7a6cbc3078b903c13cef88c5ea5a15683ca8b88ab3a

SHA512
206974b63aa84b3c817e1132e6f166d2024863f227e5d272e35e6ef98514af4bafbed148a4d0b68cfce2923f75b621c80ac0619597b8a7cf66070ba90548b5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9901fa9d784c93bff4c7d9d25f7ff471

SHA1
c71e1dbf35735b5bf28031f7b46b659520f989dc

SHA256
5f0489589098672401266157f446241692f96a9c7f5e631cd7d53a2552238a43

SHA512
1be2441a0b709ca723121cfef5c55e40a40222d78d54b9e2e77a9f0f3291dd15786c0ee5b22357673b0f8a34d2dbc2f8979055dd76d56dfb439f97f577d16a63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
435781637ad89b64f7ab563c6cfc2b27

SHA1
6f4fc5325436e74198f47248ba0e613327044931

SHA256
e276e02eaba4bf52e496eeaa1b0cc5b24bd0de021e3ec2fa3913942f0fffe8da

SHA512
26c70ca92ee5f30389e58ba63f1c1884ce0883acd1d7d0d33016c5ba3dadfeece41980982555648670a5212337fce5d3328d8d116a0026414fc028fc66507242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5e0e2ebdf1a4dc8fbf4ae0aa7c47cab6

SHA1
331d17f0714ee8aa6e4e4c2769626afb958c02d5

SHA256
f595e6d1a6aa8d4f0ba4935515159e86334957474c41fed744f486e29d21234b

SHA512
3f8fa53c4449867004638ffc370e968edb70a69ef16d822952e8f0b9612a4f036fa87fbe670388a7f518bf230a9faab972985da2f99e746402101f4238ee01b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
fcb134ea8ca08357a006ecdd8d798f9b

SHA1
d71b46de6d0ad2fe025368128611683169e023e4

SHA256
9695cb5239d8bb7d8eecb6cffa107060e0b993c6ccaca9319fd907ee5bf4a827

SHA512
782aeda010dd477e9431965fda59c597e02dd56789161ad4b42820bd8c9523c9df8176fc747083dfa5bb90e037e3ee3c3e148fb7fd79bcc4870488bd4ad74842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit