hxxp://www[.]com

Analysis

max time kernel
1805s
max time network
1709s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133417611016806405"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3192	chrome.exe
3192	chrome.exe
4516	chrome.exe
4516	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 4924	3192	chrome.exe	85
PID 3192 wrote to memory of 4924	3192	chrome.exe	85
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 3424	3192	chrome.exe	87
PID 3192 wrote to memory of 1584	3192	chrome.exe	88
PID 3192 wrote to memory of 1584	3192	chrome.exe	88
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89
PID 3192 wrote to memory of 1060	3192	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2f369758,0x7ffa2f369768,0x7ffa2f369778
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1880,i,90126947918620980,12557875190236953595,131072 /prefetch:2
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1880,i,90126947918620980,12557875190236953595,131072 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1880,i,90126947918620980,12557875190236953595,131072 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1880,i,90126947918620980,12557875190236953595,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2772 --field-trial-handle=1880,i,90126947918620980,12557875190236953595,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4660 --field-trial-handle=1880,i,90126947918620980,12557875190236953595,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2520 --field-trial-handle=1880,i,90126947918620980,12557875190236953595,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1880,i,90126947918620980,12557875190236953595,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1880,i,90126947918620980,12557875190236953595,131072 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4568 --field-trial-handle=1880,i,90126947918620980,12557875190236953595,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
d2f5823256a7fe7249c7e9dfcfd183b6

SHA1
ea6426a04010f4ddf5ae1f9c9ea3dd8c9eb33a22

SHA256
16638d2c213570f5a663bec1390f7705f10d5e3a063b7a8bee0471e34228950b

SHA512
a407bccb1127b6b5cfc6541c7dae32bad94ac65e0f619cbc1127f46eae8121963680ed50136966a68b59a5627629feac3bb30549215c5eaa5f0c2c14829a55cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
914cd61e9716543bb84b01319befd484

SHA1
e98f3eba77c8bd8896d013cddccdf705878a182a

SHA256
bca0c7d92a58b76f4b54dc4212c5cd9844f693739ec8fe8bc45fe4cb8ab738f7

SHA512
893638c9d93dfbe35c3d40a11259a1ec50cfd3c481075c8063a5beff8127c46080c0e2f4e5dc438fe455b48216787deaf63b5346fd97c954fce896677337e6f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
00df59d36fc9287ccc7d6b2620c37c95

SHA1
1915292646cb107412642d627e1a7b78b769fe51

SHA256
cfba88521bc90072dd03a0e8e24424adc84b574668a43dc5daf171f1430e0c87

SHA512
a2111e2ed1141fb573a89eb45d614f64493f6ad53b11d989783daab7857f6d029376f742e34b8cdacd30da264984bdb1bb1ab56db165b5ba8cfc5eb66420d207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2c5ba0922be34a19d36f9051d2bfc12a

SHA1
0b36bc6074d6aaebd63de61d25fa2ae472dadd40

SHA256
10dd908c43ec5145c550e2a5133d72c3a1df7346fcc24ac4b621f00c0f36d6bf

SHA512
5018dc552bbf855b7e49d0557d29558bd5760a46d7bd0c8aeaff8a53c072d589616f5c886ede7c165aba5ad173a0d89bc90bee80c9feadbe4ed1bcb85f5fd619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6a97d7e479778a51df2ce971c89f4c04

SHA1
47054a502716894a2582faeaee560f6dcb87dee3

SHA256
0f0b96f0676398fc8a22b5f365cd5d39bdb9a709b4a2b444023dab6f23071008

SHA512
aad5801a3f77e8657dc5830c2f10c64536fbc9d74bcea24bbc90154f9116d7fe3464f3f0c8a9dacb4111ea0627b085ba2971ec8adcfd84e02da40aefcbc062f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
7f49c4e5ef0aecb54f86dbcc27bddc5e

SHA1
e336c10c1c82e7260704727cde39e7fb60b6cf7d

SHA256
7684bdec7a4306c195675ab19b2e244075d195330434f02d98403085d747c11a

SHA512
6aa3db6a19412b040d3c916efa3db4797a0b36afe9ae04b166945076d858c2ee7c534ca93acb8ea5d65229ed8c8126d3d03f715f60145383c9c02e0fb921d87f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit