Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-11-2023 06:05

General

  • Target

    https://ncv.microsoft.com/XInIlq1B6D

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ncv.microsoft.com/XInIlq1B6D
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0b9b9758,0x7ffc0b9b9768,0x7ffc0b9b9778
      2⤵
        PID:4280
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:2
        2⤵
          PID:216
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:8
          2⤵
            PID:2508
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:8
            2⤵
              PID:4228
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:1
              2⤵
                PID:4864
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:1
                2⤵
                  PID:2004
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:8
                  2⤵
                    PID:4432
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:8
                    2⤵
                      PID:2748
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4940 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:1
                      2⤵
                        PID:4416
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3884 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:1
                        2⤵
                          PID:4928
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4912 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:1
                          2⤵
                            PID:1784
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:8
                            2⤵
                              PID:220
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:8
                              2⤵
                                PID:2540
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5684 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:1
                                2⤵
                                  PID:4156
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5888 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:1
                                  2⤵
                                    PID:516
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 --field-trial-handle=1852,i,2634486669980383247,2302937294724640306,131072 /prefetch:8
                                    2⤵
                                      PID:4448
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:4880

Network

MITRE ATT&CK Enterprise v15

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      264B

                                      MD5

                                      9895a943bb5660432a369db830ff32d8

                                      SHA1

                                      6f27feef1b30cf81259169d503975448a629e861

                                      SHA256

                                      7d402ef6dc20be8fa00135a87100f0c629051509216d1865d5933b12836134fc

                                      SHA512

                                      de3650dbb954edb0f0ccc7dd644b0875c38e637d4627781e08332604d8f820a7f43429f1ed33cfd9e2eea0a1e6d05c2e35d6096eb00ca84a4e5d2af043e56cb9

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      432B

                                      MD5

                                      175d7197bdb42c169819ee86cd7d2140

                                      SHA1

                                      ed3498b807a4d07ff0cb074e726d580b4da06bb0

                                      SHA256

                                      9bb9dce9c2271ec50b5877088ff311285e4ec2586c8351d6098b53cd3dcd8604

                                      SHA512

                                      9496f786f897579b0fa5e487739a5e8952b29f00fcb1e5f53b6bc7e59f8d3ae2737d643fde4c26769f32772d96d95369046e113c162e07f438ff1f452f7d39d3

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      456B

                                      MD5

                                      526f50273d9ed89a40cb218d9b0db934

                                      SHA1

                                      b84fe16a366a82f2bced979b990a12595c7d2c40

                                      SHA256

                                      e6457895de17dd597c2c2bf07eb414b50e26811af3b40d5c27e5eb7106e20677

                                      SHA512

                                      3121600cb3e0869e64167236741e51e441b8cb76dc83cc894e7480214fb0627ae34ad4b6049ce0300bac322dacaa793f050c3ded77a146720fd228be716df5a2

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      3KB

                                      MD5

                                      649f4a32370d917c88cb0379da86b46c

                                      SHA1

                                      9b6a46114703a1b0d2df712cd0a4153b30dde23d

                                      SHA256

                                      4f8e45c81b32b2f0169162da7d17d5a8a7eee77c3b5630d80ce863b2973236aa

                                      SHA512

                                      ac4e1a6e3e1b3c3ef225e7e2963903c6aced6e5024206b8a4002105462acd764073650285fe59a4f146c229a75a44e5f201541d81107c665d3b0a394328145ee

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      1KB

                                      MD5

                                      b9dbaff0ba331b5568362d7adaf72055

                                      SHA1

                                      c77e8555918f3f5d80e7e00c5cdc0984a398ee99

                                      SHA256

                                      4144e5f870544970792fc57249306fce4967a87f2cce0599601cc1d9d3bd4515

                                      SHA512

                                      e9287cb7172e05b5df2545ba6812be612395a762fb810c5e91fa25678a65182e798fffe5d8c66c7f5bc10b2d6f2785a10d8e5849a88d95ed9ccdec0a82b91513

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      1KB

                                      MD5

                                      610fbe97ae1ce337a21e7d713a489876

                                      SHA1

                                      eeb7f73e8b0de8d0c9e3772c57a0c5d7e70df67a

                                      SHA256

                                      9e9c8d351a29b438c5bfa9142ca314a4d8a408ad96cec9cf443d977270b82597

                                      SHA512

                                      c7772cd54665478f86557695f904cc988f82b0f1afe9892e1e9f374956bb768e62666cc28b43aa8a35dfff7a36bc48b26dc6879522c32224d3e86195c55b4264

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      538B

                                      MD5

                                      6e7c1f25d735fb94f40bbda3ea5032f0

                                      SHA1

                                      8df9c1bbf25ab005cddf7f3b54376343cf1d6748

                                      SHA256

                                      2e90edb1b8cb3178bf07eca2972bbb40538485f39f56db535793bcc2885e0f46

                                      SHA512

                                      4f82f3cbc9efa55ebeb18e03e96d41c49e403f42af8916d0916cd2f2cec7f51d0c2d4b6fb5b20be823b18b34b3bf1e6f1bd760c7f969399aa031defb351c9a77

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      1KB

                                      MD5

                                      16ea9d07ee0f535d21c73ebc960097fb

                                      SHA1

                                      01ceb73180156444f4209f544cb38fd84be0e83d

                                      SHA256

                                      31973a8e8000798285c75bdb9bb3cb41c82ab374a5f347df3f3d7d46814776ed

                                      SHA512

                                      0a211eb57a71b5bf73edfc8d9e2223e4157666ba74c12a0cbaa148787de219b044d5145f293fd558685a12bfecee98198ae8c1752ef64e91d435bbe0308df14e

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      4f8986bcd7a0eae9652110b8ec345326

                                      SHA1

                                      f93f3f03542f1ca8d31d7957c7e8431724dc641c

                                      SHA256

                                      ffe41567d2b273ebbaf1d07f13e95c82bbb1526b1dce659ecc497f69a70f9c56

                                      SHA512

                                      0d7efb255504fd5b6119c5e6aa0e087c8a654f6f32b16984aa1030edf9577a8d4b7cdb5faac78a85db2e615a60fdd36b2ca826adc71847d3cd0c04ba04f87e8b

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      64d15f92fb7955b88c9eb3e375f77518

                                      SHA1

                                      869517c598b15feab9b4dcb76407738bdf2ebf21

                                      SHA256

                                      15fd28a2bded8b014999f67a50732189e011088b1993730ad835517d27ac7971

                                      SHA512

                                      e252605a97673e1075893743e8cab4a1b8c00ab43c4a5a62ac16d365aa56a81e4eb7e24f3e5c082cf53e80c78516fec2d94f8700d02d0c326359647d61c2773c

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      e77bfb9ea9d00b560129664fcb68cdb6

                                      SHA1

                                      b02e3126a6e80aa62cf5414f87f255402f5a0632

                                      SHA256

                                      9b91704c6f70645a4028d4fd23a6d9c9c17cbfb7128201732867166f1ad98e8b

                                      SHA512

                                      e4f7b25d4757153a661e9ccc1b24113d94836e9a3856dd7b19797983a3064e5ed494f664e2a7bd976549deaf4b8ecab07a5323828e1603eca849597e8117a8a5

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      7KB

                                      MD5

                                      6c3f89d199098c79734784afc460e5c5

                                      SHA1

                                      fc524c947f02a1bdc3ddedce5cb2f1404f90b969

                                      SHA256

                                      5bb2b8a7e79640e391e01d661c0709444bb6bb07631c5246fa5378e3353f9eb8

                                      SHA512

                                      eeefb727a24658beb5188a0da401f0bba5237974e1dbff6813ddc91b2fc54764879c8c8ab6213131b3c91bc5fb073734f2f474dfc0ba4dcd389c837ed0e2ef0f

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      109KB

                                      MD5

                                      7e6ce5e54921c28ca9d1e18a4c1785c5

                                      SHA1

                                      b5d26e02e25c2919050a6686cf34fddd1229a222

                                      SHA256

                                      5e934f6377befd1f25309142c1d069ee11ba9956119f32634c15ba2b21851aec

                                      SHA512

                                      b6272c0042e46bd252444aa2fac691c3b9a81b178b094a9ea9c5046396d42d4aaa9a317412c1d15f149ff4fd5a565a1cb9e3cf01b44da396a1c4f2b08fcb1482

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                      Filesize

                                      105KB

                                      MD5

                                      837b1387688d3ea9b53a22a37c206b92

                                      SHA1

                                      0ab34f6db999426faae6933803f5f3e00a00a2cc

                                      SHA256

                                      3383e377d9e76ff12d1e1a0d087f865fb9b1724281fcdd60a24fd7e45af87e8a

                                      SHA512

                                      02bfa7b04168910e5a7e1fd1faeb92e6be6a7ff7c7fab24395cb1fc72c4ab9582d055918343edd1c79e48872af4cdba24c2438549df61bd72d67808d1a759d48

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5898a1.TMP

                                      Filesize

                                      97KB

                                      MD5

                                      c7c73a9b864feace05d487842304e41e

                                      SHA1

                                      3dcbe883cbbcff593d8a1687a7a25b12d6bc65a4

                                      SHA256

                                      d39bc8aab2a8ef76593176f7a0e84a40fe416d829920f47df51508aedeb92530

                                      SHA512

                                      755c0565fe26483b6e47b3f634cdb0895a38f8dd5869451b0a5014e7318efd51fd445f23e21fb7c0a68a4e8bfd4c5f8cb3b91d0b56e00c953d93bdd179d4fe6a

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                      Filesize

                                      2B

                                      MD5

                                      99914b932bd37a50b983c5e7c90ae93b

                                      SHA1

                                      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                      SHA256

                                      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                      SHA512

                                      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd