hxxp://fhghfhf

Analysis

max time kernel
34s
max time network
1807s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 05:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://fhghfhf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1816	chrome.exe
1816	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 2772	1816	chrome.exe	14
PID 1816 wrote to memory of 2772	1816	chrome.exe	14
PID 1816 wrote to memory of 2772	1816	chrome.exe	14
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2616	1816	chrome.exe	28
PID 1816 wrote to memory of 2756	1816	chrome.exe	27
PID 1816 wrote to memory of 2756	1816	chrome.exe	27
PID 1816 wrote to memory of 2756	1816	chrome.exe	27
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26
PID 1816 wrote to memory of 2760	1816	chrome.exe	26

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7209758,0x7fef7209768,0x7fef7209778
1⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://fhghfhf
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2212 --field-trial-handle=1380,i,11767504686099002503,5392484931807125632,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2220 --field-trial-handle=1380,i,11767504686099002503,5392484931807125632,131072 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 --field-trial-handle=1380,i,11767504686099002503,5392484931807125632,131072 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1380,i,11767504686099002503,5392484931807125632,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1380,i,11767504686099002503,5392484931807125632,131072 /prefetch:2
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1380,i,11767504686099002503,5392484931807125632,131072 /prefetch:2
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2800 --field-trial-handle=1380,i,11767504686099002503,5392484931807125632,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1632 --field-trial-handle=1380,i,11767504686099002503,5392484931807125632,131072 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 --field-trial-handle=1380,i,11767504686099002503,5392484931807125632,131072 /prefetch:8
  2⤵
  PID:280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3156 --field-trial-handle=1380,i,11767504686099002503,5392484931807125632,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1772 --field-trial-handle=1380,i,11767504686099002503,5392484931807125632,131072 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2320 --field-trial-handle=1380,i,11767504686099002503,5392484931807125632,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=992 --field-trial-handle=1380,i,11767504686099002503,5392484931807125632,131072 /prefetch:1
  2⤵
  PID:624

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b2f74056012132de9673214bf50ab396

SHA1
fcb44954b2f5253236d0806ce29f40a5df1be5f6

SHA256
5144baaed7dcd597186b06a0224f21b968d04551206b34e0846dbe4acec92f07

SHA512
44d0e736b848cda4d50c2af990d50a1c73aa9c2045a6f556cfae6e2b1e301c5787152d2887ad5d548be3b70064be81c8701b3d5c08b19ae564d3d02bc1228478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
04de8dfda89c6ecfb08f94a9a80daefc

SHA1
a1011f8dc834cc6beee5adbfa0786dcf2d7c6fa1

SHA256
9b17a54b212195c293afc51fb8f61cdf0ba667077bb2191ea8176f9e6f51516b

SHA512
bb08a201891a14990e4a614a82dd201547328c8f103d4045e45cff26302d616fe8b14907ebc6fb27d865afcddac5bf04bb5b10348e5a5a186b3a5315cf1e2cbc

Download Submit