Analysis

max time kernel: 162s
max time network: 165s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/10/2023, 21:18
Static task: static1
URLScan task: urlscan1

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                    process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133421375712257425"  chrome.exe
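The TraceTimeLast value above is a 64-bit Windows FILETIME (100 ns ticks since 1601-01-01 UTC) written under the LOCAL SERVICE hive (S-1-5-19). The quickest way to decide whether a timestamp-like registry write is signal or noise is to decode it and see whether it falls inside the analysis window. The script below is an added example, not part of the sandbox report; it assumes the report's "submitted" time is UTC with minute resolution and uses the report's own 165 s network run length as the window.

```python
"""Decode the TPM Telemetry TraceTimeLast value from the HKEY_USERS IoC.

Added example, not part of the sandbox report. Assumes the report's
"submitted" time (18/10/2023, 21:18) is UTC with minute resolution.
"""
import re
from datetime import datetime, timedelta, timezone

# Windows FILETIME counts 100 ns ticks from 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# The IoC as it appears on the page (registry path and value copied verbatim).
IOC = (r'\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry'
       r'\TraceTimeLast = "133421375712257425"')
SUBMITTED = "18/10/2023, 21:18"   # from the report header, assumed UTC
MAX_TIME_NETWORK_S = 165          # from the report header


def filetime_to_datetime(ft):
    """Convert a FILETIME integer to an aware UTC datetime (sub-microsecond ticks dropped)."""
    if not 0 <= ft < 2**63:
        raise ValueError(f"FILETIME out of range: {ft}")
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def parse_trace_time_last(ioc):
    """Extract the TraceTimeLast integer from the flattened IoC text."""
    m = re.search(r'TraceTimeLast\s*=\s*"?(\d+)"?', ioc)
    if not m:
        raise ValueError("no TraceTimeLast value in IoC text")
    return int(m.group(1))


def seconds_after_submission(ft, submitted=SUBMITTED):
    """Seconds between the report's submission time and the decoded FILETIME."""
    sub = datetime.strptime(submitted, "%d/%m/%Y, %H:%M").replace(tzinfo=timezone.utc)
    return (filetime_to_datetime(ft) - sub).total_seconds()


def written_during_run(ft, submitted=SUBMITTED, max_time_s=MAX_TIME_NETWORK_S):
    """True if the timestamp falls inside the analysis window.

    The submission time only has minute resolution, so allow up to 59 s of
    slack on top of the run length.
    """
    delta = seconds_after_submission(ft, submitted)
    return 0 <= delta <= max_time_s + 59


if __name__ == "__main__":
    ft = parse_trace_time_last(IOC)
    when = filetime_to_datetime(ft)
    print(f"TraceTimeLast {ft} -> {when.isoformat()} "
          f"({seconds_after_submission(ft):.1f} s after submission, "
          f"in-run={written_during_run(ft)})")
```

The value decodes to 2023-10-18 21:19:31 UTC, about 91 s after submission, i.e. the sandbox's own run time: the key records when TPM telemetry last traced, not anything carried by the visited page.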
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   process
2508  chrome.exe  (2 entries)
396   chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   process
2508  chrome.exe  (6 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   process
Token: SeShutdownPrivilege        2508  chrome.exe  (32 entries)
Token: SeCreatePagefilePrivilege  2508  chrome.exe  (32 entries)
The two tokens alternate throughout the list; every entry is PID 2508.

Suspicious use of FindShellTrayWindow (26 IoCs)
pid   process
2508  chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   process
2508  chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   process     procid_target
PID 2508 wrote to memory of 4024  2508  chrome.exe  34  (2 entries)
PID 2508 wrote to memory of 4740  2508  chrome.exe  86  (repeated)
PID 2508 wrote to memory of 2360  2508  chrome.exe  87  (2 entries)
PID 2508 wrote to memory of 4992  2508  chrome.exe  88  (repeated)
All 64 entries have source PID 2508; the writes to 4740 and 4992 account for the remaining 60.
Processes

PID 2508  C:\Program Files\Google\Chrome\Application\chrome.exe
  cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://login-authenticaor.com/?frbewtjv
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 4024  C:\Program Files\Google\Chrome\Application\chrome.exe
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf51e9758,0x7ffbf51e9768,0x7ffbf51e9778

  PID 4740  C:\Program Files\Google\Chrome\Application\chrome.exe
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1896,i,8775426869066328521,13274454808515018243,131072 /prefetch:2

  PID 2360  C:\Program Files\Google\Chrome\Application\chrome.exe
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1896,i,8775426869066328521,13274454808515018243,131072 /prefetch:8

  PID 4992  C:\Program Files\Google\Chrome\Application\chrome.exe
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1896,i,8775426869066328521,13274454808515018243,131072 /prefetch:8

  PID 2396  C:\Program Files\Google\Chrome\Application\chrome.exe
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1896,i,8775426869066328521,13274454808515018243,131072 /prefetch:1

  PID 4900  C:\Program Files\Google\Chrome\Application\chrome.exe
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1896,i,8775426869066328521,13274454808515018243,131072 /prefetch:1

  PID 4840  C:\Program Files\Google\Chrome\Application\chrome.exe
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1896,i,8775426869066328521,13274454808515018243,131072 /prefetch:1

  PID 4132  C:\Program Files\Google\Chrome\Application\chrome.exe
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5028 --field-trial-handle=1896,i,8775426869066328521,13274454808515018243,131072 /prefetch:1

  PID 1428  C:\Program Files\Google\Chrome\Application\chrome.exe
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1896,i,8775426869066328521,13274454808515018243,131072 /prefetch:8

  PID 1148  C:\Program Files\Google\Chrome\Application\chrome.exe
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=1896,i,8775426869066328521,13274454808515018243,131072 /prefetch:8

  PID 2528  C:\Program Files\Google\Chrome\Application\chrome.exe
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1616 --field-trial-handle=1896,i,8775426869066328521,13274454808515018243,131072 /prefetch:1

  PID 4476  C:\Program Files\Google\Chrome\Application\chrome.exe
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2284 --field-trial-handle=1896,i,8775426869066328521,13274454808515018243,131072 /prefetch:1

  PID 396  C:\Program Files\Google\Chrome\Application\chrome.exe
    cmd: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1896,i,8775426869066328521,13274454808515018243,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

PID 4000  C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  cmd: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
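Every behaviour signature in this report is raised on PID 2508, the Chrome browser process, and every WriteProcessMemory target is one of the `--type=` children it spawned (crashpad handler, GPU process, network and storage utilities). That is the normal shape of Chrome's multi-process startup, so the useful check is mechanical: does any write target fall outside the writer's own child set, or run a different image? The script below is an added example, not part of the sandbox report. PROCESSES is transcribed from the process list above, with parent PIDs taken from the tree nesting (an assumption; the page shows nesting, not explicit parent PIDs) and command lines trimmed to the flags the check reads; WPM_TEXT is a constructed excerpt of the 64-entry IoC list in the page's flattened format, not the full list.

```python
"""Cross-check the WriteProcessMemory signature against the process tree.

Added example, not part of the sandbox report. Parent PIDs are assumed from
the tree nesting on the page; WPM_TEXT is a constructed excerpt of the IoCs.
"""
import re
from collections import Counter

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
ELEVATION = r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

# (pid, parent pid, image, command-line flags relevant to the check)
PROCESSES = [
    (2508, None, CHROME, "--disable-background-networking --disable-component-update "
                         "--single-argument https://login-authenticaor.com/?frbewtjv"),
    (4024, 2508, CHROME, "--type=crashpad-handler"),
    (4740, 2508, CHROME, "--type=gpu-process"),
    (2360, 2508, CHROME, "--type=utility --utility-sub-type=network.mojom.NetworkService "
                         "--service-sandbox-type=none"),
    (4992, 2508, CHROME, "--type=utility --utility-sub-type=storage.mojom.StorageService "
                         "--service-sandbox-type=utility"),
    (2396, 2508, CHROME, "--type=renderer --renderer-client-id=6"),
    (396, 2508, CHROME, "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (4000, None, ELEVATION, ""),
]

# Constructed excerpt of the flattened "wrote to memory of" IoC text.
WPM_TEXT = (
    "PID 2508 wrote to memory of 4024 2508 chrome.exe 34 "
    "PID 2508 wrote to memory of 4024 2508 chrome.exe 34 "
    "PID 2508 wrote to memory of 4740 2508 chrome.exe 86 "
    "PID 2508 wrote to memory of 4740 2508 chrome.exe 86 "
    "PID 2508 wrote to memory of 2360 2508 chrome.exe 87 "
    "PID 2508 wrote to memory of 2360 2508 chrome.exe 87 "
    "PID 2508 wrote to memory of 4992 2508 chrome.exe 88"
)

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text):
    """Count (writer pid, target pid) pairs in the flattened IoC text."""
    counts = Counter()
    for m in WPM_RE.finditer(text):
        described, target, pid_column = (int(m.group(i)) for i in (1, 2, 3))
        if described != pid_column:  # the description and the pid column must agree
            raise ValueError(f"description and pid column disagree: {m.group(0)}")
        counts[(described, target)] += 1
    return counts


def process_type(cmdline):
    """Chrome child type from --type=...; the browser process carries no --type flag."""
    m = re.search(r"--type=(\S+)", cmdline)
    return m.group(1) if m else "browser"


def sandbox_type(cmdline):
    """Value of --service-sandbox-type=, or None when the flag is absent."""
    m = re.search(r"--service-sandbox-type=(\S+)", cmdline)
    return m.group(1) if m else None


def triage_writes(counts, processes):
    """Classify each writer->target pair against the process tree."""
    by_pid = {p[0]: p for p in processes}
    findings = []
    for (writer, target), n in sorted(counts.items()):
        w, t = by_pid.get(writer), by_pid.get(target)
        if w is None or t is None:
            verdict = "pid not in process tree"
        elif t[1] != writer:
            verdict = "target is not a child of the writer"
        elif t[2] != w[2]:
            verdict = "target runs a different image"
        elif process_type(t[3]) == "browser":
            verdict = "target has no --type flag"
        else:
            verdict = "expected"  # browser process initialising its own child
        findings.append({
            "writer": writer, "target": target, "writes": n,
            "target_type": process_type(t[3]) if t else None,
            "sandbox": sandbox_type(t[3]) if t else None,
            "verdict": verdict,
        })
    return findings


def unexpected(findings):
    """Only the pairs a human should look at."""
    return [f for f in findings if f["verdict"] != "expected"]


if __name__ == "__main__":
    for f in triage_writes(parse_wpm(WPM_TEXT), PROCESSES):
        print(f)
```

On this report the unexpected list is empty, which is what leaves the submitted URL itself as the only artefact that still needs a verdict; the script also surfaces `--service-sandbox-type=none` on the network service so that an analyst sees which children run without a service sandbox.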
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize  192B
MD5       5215655142b1981198a40ea7c829f64b
SHA1      f193404a9a23a1c6149329c7d51343bd6c4fec72
SHA256    2c92b93afb8690e94a234c473c4b88c9aa37510e78fd002db0491ed95352e4e7
SHA512    98c339d54849282bcec76930a0171e40f27093372fe235a9b16545edb0c8ee317365cdccabc9fbda17e0b36a974471b2d7894415c3069dc263d8cbfd15038cee

Filesize  1KB
MD5       be7743ad1c8f68cac63ea3a72a0b451b
SHA1      63200d31939ed4ac1ef634734fde0dda7e7a34ea
SHA256    d2d5324ded069fc8e0dbe67697d722f5f335384c2fc2185d5d529993e56b1e1b
SHA512    aed3fd873851727cf97aafbc8f8a564e9295b6e72c9f045b2aa59849f411549db8057e188d47f497c420246ae1d864caccb563125c43b3118849b31b8a22c72d

Filesize  872B
MD5       21ea0d8fe07423c2fa421d39aace9df4
SHA1      c540a6ffebb024d25c906b40396f200fe129b9fe
SHA256    09e13a2d5cf128d20a945ffc72df146146ab8796ea459c081aef940c244e8a8a
SHA512    0ab081a7f738ec4bfb2a3d3895389afcfb9b134c99f1dd0ecaf6316d162b84bb731e63fe5d306ee96eb2cfa06385ea7dde24ce0e901aeaa7eac53ab19b8eaddc

Filesize  9KB
MD5       04764f71b31906e2f33e7d301a6d1902
SHA1      e763b8ea8fa52a0bb5b9071e443fbfe51e8a0e1a
SHA256    0f51881580528da56072569b04901d8e7c35cfbcb261fa19cc382cc3a8f5240d
SHA512    567c740fceaf1e0f96046c7d5309db8b15cfa32f4371729905ca4a243255bc84f87ac6ae2692272592bb4bb8901592710c52cc8a008863a435267e1c887d41b8

Filesize  9KB
MD5       8ff14b238aec75227ece9e7e437aef34
SHA1      5c433a94c37a56b6ef65a02462bb29270b649d90
SHA256    dcff1dc736ac1f83e0749cc6148c860da369d6792cea7a3543293b8535de9b2e
SHA512    d06da81b9aa272e957c42d3f20246ed15cc098b163574634ae6aa4730d50f1366b989304b500dc352f48acd3560ed15693c39b1a4b540a7d94a53af15a9a3b83

Filesize  6KB
MD5       c46c963ff489cd64b2daca59e4450bf5
SHA1      9f276956d11e98c477540343bcbae8217bc2c298
SHA256    c4da01e2cdc88fea6662b7b89d5cb9f44e1ca2800e1daccbb6eceb5b9403cb0a
SHA512    cfb8d724e30d7d86a050e1861a8925b08091e97e9ece0c20357c9e2bcd58e7432969b130334eff2ba211e940a6fbf596518c8ba68a6275185862d3debacecbba

Filesize  101KB
MD5       aced2b1076923a164576fc2e33e42f4d
SHA1      fa02b707ebbc2a192c8f98245f39dd5941f05916
SHA256    92de9f27b5fe4f21857bb662ae944172994fac3bdcf891263ae1def4c9eec7ff
SHA512    590f18a70bcc45980fc12285aebc5066978f7ddd75d276740e6b8081a70e42c860709dfaa7ec6d835d0b50cead67f3d7f093a545fca42c94e2404991e9cf1134

Filesize  2B
MD5       99914b932bd37a50b983c5e7c90ae93b
SHA1      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
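Before pivoting on any of these hashes it is worth removing the artefacts that carry no signal: sandboxes routinely capture Chrome's own profile files, and the 2-byte entry above has exactly the MD5, SHA1 and SHA256 of the two characters `{}` (an empty JSON object). The script below is an added example, not part of the sandbox report. It parses the page's flattened download listing (digest label fused to the hex value), computes the digests of a few known placeholder contents at runtime rather than hard-coding them, and labels any entry whose size and every listed digest match. The DOWNLOADS excerpt is constructed from three of the page's entries; SHA512 lines are left out for brevity and the size check is only applied where the page gives an exact byte count, since "1KB" is rounded.

```python
"""Label placeholder artefacts in a sandbox Downloads list by digest.

Added example, not part of the sandbox report. DOWNLOADS is a constructed
excerpt of the page's entries in the page's own flattened format.
"""
import hashlib
import re

# Contents that sandboxes routinely capture as "downloads" but carry no signal.
KNOWN_CONTENTS = {
    b"": "empty file",
    b"{}": "empty JSON object",
    b"[]": "empty JSON array",
}
DIGESTS = ("md5", "sha1", "sha256")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

DOWNLOADS = """\
Filesize
192B
MD55215655142b1981198a40ea7c829f64b
SHA1f193404a9a23a1c6149329c7d51343bd6c4fec72
SHA2562c92b93afb8690e94a234c473c4b88c9aa37510e78fd002db0491ed95352e4e7
-
Filesize
101KB
MD5aced2b1076923a164576fc2e33e42f4d
SHA1fa02b707ebbc2a192c8f98245f39dd5941f05916
SHA25692de9f27b5fe4f21857bb662ae944172994fac3bdcf891263ae1def4c9eec7ff
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
"""

SIZE_RE = re.compile(r"(\d+)(B|KB|MB)")
DIGEST_RE = re.compile(r"(MD5|SHA1|SHA256|SHA512)([0-9a-fA-F]+)")


def parse_downloads(text):
    """Split the flattened listing into dicts: {"size": (n, unit), "md5": ..., ...}."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Filesize":
            cur = {}
            entries.append(cur)
            continue
        if cur is None or line in ("", "-"):
            continue
        m = SIZE_RE.fullmatch(line)
        if m and "size" not in cur:
            cur["size"] = (int(m.group(1)), m.group(2))
            continue
        m = DIGEST_RE.fullmatch(line)
        if m:
            algo, hexdigest = m.group(1).lower(), m.group(2).lower()
            if len(hexdigest) != HEX_LEN[algo]:
                raise ValueError(f"{algo} digest has the wrong length: {line}")
            cur[algo] = hexdigest
    return entries


def identify(entry):
    """Return a label when the entry's size and every listed digest match known content."""
    present = [a for a in DIGESTS if a in entry]
    if not present:
        return None
    for content, label in KNOWN_CONTENTS.items():
        size = entry.get("size")
        # Only exact byte sizes are comparable; "1KB"-style sizes are rounded.
        if size and size[1] == "B" and size[0] != len(content):
            continue
        if all(entry[a] == hashlib.new(a, content).hexdigest() for a in present):
            return label
    return None


def triage(text):
    """(index, size, label-or-None) for every entry in the listing."""
    return [(i, e.get("size"), identify(e)) for i, e in enumerate(parse_downloads(text))]


if __name__ == "__main__":
    for row in triage(DOWNLOADS):
        print(row)
```

Matching on every digest the page lists, not just one, means a single transcription error in the report cannot produce a false label; an entry that fails the match simply stays unlabelled and keeps its place in the queue.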