hxxp://enterprisetalk[.]com

Analysis

max time kernel
111s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2023, 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://enterprisetalk.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133444693147121291"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1224	chrome.exe
1224	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 2128	1224	chrome.exe	32
PID 1224 wrote to memory of 2128	1224	chrome.exe	32
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 2076	1224	chrome.exe	92
PID 1224 wrote to memory of 1968	1224	chrome.exe	88
PID 1224 wrote to memory of 1968	1224	chrome.exe	88
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89
PID 1224 wrote to memory of 5008	1224	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://enterprisetalk.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc15c49758,0x7ffc15c49768,0x7ffc15c49778
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1848,i,5249785873547449248,6166075252543368543,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1848,i,5249785873547449248,6166075252543368543,131072 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1848,i,5249785873547449248,6166075252543368543,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1848,i,5249785873547449248,6166075252543368543,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1848,i,5249785873547449248,6166075252543368543,131072 /prefetch:2
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3888 --field-trial-handle=1848,i,5249785873547449248,6166075252543368543,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 --field-trial-handle=1848,i,5249785873547449248,6166075252543368543,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3092 --field-trial-handle=1848,i,5249785873547449248,6166075252543368543,131072 /prefetch:8
  2⤵
  PID:4840

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2db08e2de959b9f1a0bacf41c2a00f26

SHA1
f21f5bd395fefef70cf60cb8e73b2c17e0313ebe

SHA256
73245c43140ee9346d3b14e964479c685684d35eddc642d438cb73af501aaf8c

SHA512
b658b5fd4a823934102de495171414f4751d153144a3c106ce116385d27275ab5be9c4264197f27b59bdbb9c089b1737ad7ee14d120f36bed7857438c65e3e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4582a288-7282-4d02-b2c5-0ad8a4e536ed.tmp

Filesize
3KB

MD5
a9089f646bb418019ac5dcc506764348

SHA1
b48692519d275db8bb76064d50ca9e06bae66b51

SHA256
435a3bd8173aee971531c1cb8326cf5f8382767cc2b513912c45d9c41acd1ac2

SHA512
e344fb9a91497c09e3064a7d3d38b29194525944fa0f0c7649d317ad5148e97f36fab8bfa485d9d145ba6f45715024df4998fb12d76780a209c2834526598376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dce85743ecbf4b462198c628b905e473

SHA1
13a08c7d3fafbc032045722c3fc14bde28ef2cdd

SHA256
ba37034edf4c4d53111dc10ec44c1d539f9f8eba37ca0aa090a1cdddc619ec0e

SHA512
e750c803aa34d87ab362bf51f906ff96af776e85e8f8c35d7c92026ad7932d5475c646104e0fa7cd43709cbb85c813dd5a8e174cec4754fe1cd1fe55377259a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f14dc4c20530de9bfe804f11255f36f8

SHA1
5af69bd8ae35980538729490a722a294921a98f8

SHA256
3c134aa60b85af71c1cb8b47c82f494834c56499dc28c2ded45f70fcbf23ffb5

SHA512
f5c7412dda96f57e08e31fa612fb3b3839dc928f2fec84441b2504128121e275142e76914fabdb61dd6e3850d9e6b02fca4ecac06d87beb7574336a437b45e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d164ef5d1cecbaee6a46d190d8604bf1

SHA1
8a28b96fff4321e4c135c32f5130e35d81d691e4

SHA256
219512bc47cf87d760c7904f68467ab1d4d502fbf0e2be598dc7b575d1390433

SHA512
018a6aae75c013cc45bb34f1a5656fa2df0dd7635906136caf231454ebbe9f510fab4b714dfcf89de85261caa9cf3521815ecf77a4197da8af0290c1db2f80a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3fc524b801aef20a1fd9a962bc9c4ae2

SHA1
44bb5a9ee29abdfcf653f997d01d9b139c2f5c6b

SHA256
7e13221ba1b8cad9b27f50b73ff8d034209bfa92dca9494aee7adcd492a78d7c

SHA512
f3570f695497fb304cf5479a469972096cb1d72f9f26340c38aee50337c550ae6558c29d4ffaaa005620b8f1aaaba532b179382bdfb9b1ab6c70b24d34a3d9e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6570dd7e48016cd3b4dcc709cf41392c

SHA1
513b98e281ae73181e13d4aa6dc66c14bfd0826a

SHA256
5a4a680ea50cfa12861059e1b9acb8ddc9220b3bb4e8434ac5f1f68c14559839

SHA512
d00f36af0da45fe4827fe3d82d7ceb86d660114722d46e02d1535ab5707d9c075d0a91ba9e11bff026735510ae97efddb6fab558c528ae00b4ea7c1761e5e1c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c0377c8e7703cf3b6e3ba80fc43488af

SHA1
4f8f50a9cc0c126c7a6759a985141767aeff0edf

SHA256
8624d37455084446338a57d8df4660a78089978dc59c77855b4750dcc99da6ab

SHA512
977be8d575706222fe7a85f51b9dd6479f57981bb18e8d977e28cac42704c8d2f75836d501ede3061dd82d4fa0fea492c32d0d39cbdf6e2b7af54c23c68523f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
e843581f649fbcfcdae9238d49f37334

SHA1
432105df30971207876f7c04c66c23f653ce8cb0

SHA256
303835bc2a9d2a621be49373a19cab597bc4f5f8d411b007eec708a679139d2a

SHA512
cebbb91daf63d460398451d48dd077f9578ad8d507d5b86be95ee0f19b5d204b3aa6c9d3797d1e799cb20af89174ecdbfbac18336f45f76ba81794313ba5d4a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit