36ec23a65cbb21b3321c57da51497249351feae15c3569b08ca93be744a4c296

Analysis

max time kernel
1224s
max time network
1695s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
13/11/2023, 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

18KB
MD5

3b4f18dba7ba2d456f90c8fda9c7d6aa
SHA1

353b730dd29f2118c4103d7732847f1adfb1c7d5
SHA256

36ec23a65cbb21b3321c57da51497249351feae15c3569b08ca93be744a4c296
SHA512

123272e4bc36bda314754ce1184a38c3fe4faec1b102c0f9f25d7a2f54bacb489fd776754cb90fb05c57b9e4880e4e474885c864d3b741a4114f26418bd3a285
SSDEEP

384:rsykDpmReVoOs4in9ylKeGMrU8Hhhbf+X7/XiN2weuLQbhJCBXQL:raBVoOs4i9yI1MTBhbWL/puL4JQQL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe
Token: SeShutdownPrivilege	2276	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe
2276	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 1688	2276	chrome.exe	15
PID 2276 wrote to memory of 1688	2276	chrome.exe	15
PID 2276 wrote to memory of 1688	2276	chrome.exe	15
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2684	2276	chrome.exe	32
PID 2276 wrote to memory of 2964	2276	chrome.exe	30
PID 2276 wrote to memory of 2964	2276	chrome.exe	30
PID 2276 wrote to memory of 2964	2276	chrome.exe	30
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29
PID 2276 wrote to memory of 2712	2276	chrome.exe	29

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72f9758,0x7fef72f9768,0x7fef72f9778
1⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1008,i,8246654026197003444,8538730336274448597,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1008,i,8246654026197003444,8538730336274448597,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1008,i,8246654026197003444,8538730336274448597,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1008,i,8246654026197003444,8538730336274448597,131072 /prefetch:2
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=1008,i,8246654026197003444,8538730336274448597,131072 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1576 --field-trial-handle=1008,i,8246654026197003444,8538730336274448597,131072 /prefetch:2
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 --field-trial-handle=1008,i,8246654026197003444,8538730336274448597,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3040 --field-trial-handle=1008,i,8246654026197003444,8538730336274448597,131072 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3044 --field-trial-handle=1008,i,8246654026197003444,8538730336274448597,131072 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3184 --field-trial-handle=1008,i,8246654026197003444,8538730336274448597,131072 /prefetch:8
  2⤵
  PID:2996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2a796647-4d70-449c-be37-291f80ea3dae.tmp

Filesize
217KB

MD5
83983257087c31b1dab4e462bbebf787

SHA1
ddb0bc316689f88fe88b4cdd4be7c7931c36005f

SHA256
18be2561dc48794050c69da06fbab9bedf68d9608dbf591c7cc99b82fe80a3cd

SHA512
99ca8453abf1093ce9b6f9798764ad1b35e5dafb2e7077fefc6dd6159a26d09497c535d1e313834b8cc65e33473d2f783dc512722333943484cb77177b5f4def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e1cb350654e0d51c5624b004dde3dcb8

SHA1
48359ab249f043241e0b20efd9b30e87d085c726

SHA256
5f88f3560509a47485498f63a1b646f31b8e3b59db4a588ffe2fa1a704eeda3b

SHA512
1de5536a58c21c244c4bd6465e40a916ea81b2b3bafe3515440849729610942731ee500084e8e7aa19fa9cfee64dc2e50b077f409f6c279ff23f0de6dfa7334d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
d175045adb44de9f5fd698ec68c3bcbf

SHA1
2bba79f45156dc176a782654daf00d7617376b42

SHA256
9d1513cb7aa3549693fe3c24f7c02d4bd0e0ef9e92f8f596a11e5bec07af77e8

SHA512
ab4431930a9f158768f7775b3274f2b79b899f78aadc028088fbcf90d5f0f18866f9f219e34b33b4c60cd19969cfba786f55171324966132fbaf6888d8a8638d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
d514a801794af8badeb8ad0da8d19a83

SHA1
4a71ad4e4f7746d14d30308c8e36668af716f5ae

SHA256
bde2ec3f31cb7ad4b5fd2bcd95ff8b83f394464b1954d65d054fa55cece9a7e7

SHA512
c86a361175ea1c72e549e210c1b9ad246f8b74e70ef341f1c391cc842cb5c3cf42d3b463efe151f0afa63daf50b20afbe1d7366476acc729b7070c60486d2754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
215KB

MD5
a6f877e9dea2f2c439d89dd533717b8d

SHA1
e2e0c6749912f29cd5bd4f949939575129f54acc

SHA256
2ac61a6ba9892b1d5752d0b6565898fcc87717eab586543ced55bf37548ab599

SHA512
34e2c7c14cfe02e11f8201640c9a2b3f076c5e9650da0fe791bc367c71106fd7d01cd746e420af538db9470597c64818ede6a27ec7699a32a03594291dac7337

Download Submit