hxxps://github[.]com

Resubmissions

20-10-2023 20:55

231020-zqvctsda79 10

20-10-2023 20:53

231020-zpldjabe3v 1

14-10-2023 07:05

231014-hwrepagf2x 10

Analysis

max time kernel
88s
max time network
111s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
20-10-2023 20:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4320	chrome.exe
4320	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4320	chrome.exe
4320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4320 wrote to memory of 2308	4320	chrome.exe	52
PID 4320 wrote to memory of 2308	4320	chrome.exe	52
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 1516	4320	chrome.exe	75
PID 4320 wrote to memory of 4996	4320	chrome.exe	74
PID 4320 wrote to memory of 4996	4320	chrome.exe	74
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73
PID 4320 wrote to memory of 3664	4320	chrome.exe	73

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9748d9758,0x7ff9748d9768,0x7ff9748d9778
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2004 --field-trial-handle=1876,i,7183023416979186213,6034560397737213041,131072 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 --field-trial-handle=1876,i,7183023416979186213,6034560397737213041,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1876,i,7183023416979186213,6034560397737213041,131072 /prefetch:2
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1876,i,7183023416979186213,6034560397737213041,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1876,i,7183023416979186213,6034560397737213041,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1876,i,7183023416979186213,6034560397737213041,131072 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1876,i,7183023416979186213,6034560397737213041,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1876,i,7183023416979186213,6034560397737213041,131072 /prefetch:8
  2⤵
  PID:208

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7526a0452193f7e18e0d4ce4d3e04dc3

SHA1
6ea4a659b8d7331db5890bf51f872e66a2bd23ad

SHA256
06769e4750a04a82a701a9b43b013bae08f23150e40bb0929ffde2e782e12287

SHA512
ee94e86c2a33d5820bf39a0c03b8e0bc7cf5cb74b1934617523fda54aab4391adb90f43b0722b3ee0b6a42ace791a987d81930bc3d18bfad5d646ca2aad206b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ef01d6b1fdd74336c44b60e26c0ba6e0

SHA1
4dc82600d88bb2ca0a7d58b2ca4c2b717f8004ac

SHA256
644ae0506aeb907599786cfad32241a4dd27fea7502524fd5fc34f6aaeb26600

SHA512
f657ce159db8a5c5c35c4f3fc3107f1531827e29279aefccf52572f667d0cd1474c557b510e8390970be8a4e48297948e54fa91ddaec6e2a431c4dc38f9cdcf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
88086f249dadbc2e3ed73b94356ff49c

SHA1
a48aca1ae4b7f6abc3c8ca34a0e4a5cb7f4fdedb

SHA256
37f028b1d0d992cdb116d3b205de93c8dab776afa13b76577a8dc8fb73d06ae8

SHA512
4d8f4e7002c81e60b22b1661b4ff7f5ff56e4a58c40a22f7718bb7066131371ba590f7477917ea05935a335bf24b15709cf2706cdb27da2bc2020338b30a5937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d50b52c6f5b6a712f86e21c6be463957

SHA1
af42162a91f777c6e387cac5db950e9d563885dd

SHA256
6b7d421388067da2aeb67aaa2eda78de3f7aab463fe80aa71658b809651ed8e4

SHA512
487d60b3d5f86ea5a69b77152d6f0d59c607291069b896b7e91c10660b6e7e84dcc0f87b3b2f69ccaacf3c2cae8f02bad3cbc34c9b0b9fa9e008d4b6938985ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
00a48cba1d7794e7f87b8fb5014f5892

SHA1
70ac6c47518bed7003c596844462480b5d9e102c

SHA256
9182103c75d73ae7d746a7ed4f5c2f19d08cd51c8e5646e2e4390456c577b601

SHA512
6e4b7ab24c232be04bf5a1b797483cdf2aa39615e8c1bd51062ae58722dd1953ba9ad4ed9b90f13094834467677f5e29eef6b6be2edaf08fadfa0b9c7fc97367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4cf63567051a758e2a79131cbc16f79a

SHA1
5cdb1759a06ccc56f6c02a26dbbf7a0b86558dda

SHA256
005b95e04dcc07f161d730601ce9583edc51f738cadc38f959052218a2034eb4

SHA512
3e2c713c467aefa39eb02fed8adb9ec597eec6d2d283dcb551bd558f5cce9ec85b2e2f073ee9e2a72871cf1e67d3667b7be83f3479e613b03da11cad78777d28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
16ddbe8b3cf7a9ada7390f41a7276d7d

SHA1
c34cf3ae1e2463a7630b908d561984a8e559abf2

SHA256
df093ec255c4c42ec02790755752cbc33bc29b9946db380330f37acc0e7377df

SHA512
530a3630428ed0229f9fbca8f45c2366b062d29a57bec12435884c71060896cc56a7435f1d5ad9269317dc6544c6750094515a500fe9fe9c0fbc726c7121c2c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0774a8d2efe40f7d6402eec1bf7a01f8

SHA1
ff524ceb05479027bc1c61fd53b9951ca6f44bdb

SHA256
3c03d35bc22e4ce17303ccc3c6991bb4063f897c0b9ebed4215931cb563c0899

SHA512
1076b06dd77d33747ab0541d80f5aa83759422f974e23cc4d4bcaef68fafa5612cc66b895e5a6d4a51d2ecb373af17b0227818fe28ff7d9b2d63f472a3908b20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
218cca52b44cafdefedd9ecd35e986d5

SHA1
2f55f4d3656721af749acc083ffd40c6c7b8b35b

SHA256
f663ecadaceedf754feae0197a3237a1d3b8b3837c4044edc5354e8b8039593e

SHA512
25d3c8015d35c4556392a0235cf2e543f86932d838e46b7e8dea624b1040b83130e9c5825e3dac54be7b0b5b33dfb93030fe596d50dc8af823823a63fea30c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
106KB

MD5
9d6f85bd8b88d6686c085b4153d87e54

SHA1
8fddbefe2ce32c78ec1d774a6301ffd1cbade952

SHA256
0230b6b372109eb9a9f69d4dc8237946ce5f68931897c0545232b5ff2cbea35e

SHA512
19e8333afeb443111d1bfa7e129647ec884e4c663590a4f3def07fc251d7873b098f283d1180adac1a8e4226a1557d62048b5c1e35010fb8db85d82e25af1eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit