hxxps://google[.]com/amp/ip245[.]ip-147-135-76[.]us/cl/40468_md/92/13044/2087/0/0

Analysis

max time kernel
34s
max time network
171s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com/amp/ip245.ip-147-135-76.us/cl/40468_md/92/13044/2087/0/0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2252	chrome.exe
2252	chrome.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe
Token: SeShutdownPrivilege	2252	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe
2252	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2456	2252	chrome.exe	16
PID 2252 wrote to memory of 2456	2252	chrome.exe	16
PID 2252 wrote to memory of 2456	2252	chrome.exe	16
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2748	2252	chrome.exe	24
PID 2252 wrote to memory of 2692	2252	chrome.exe	25
PID 2252 wrote to memory of 2692	2252	chrome.exe	25
PID 2252 wrote to memory of 2692	2252	chrome.exe	25
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26
PID 2252 wrote to memory of 1880	2252	chrome.exe	26

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6e39758,0x7fef6e39768,0x7fef6e39778
1⤵
PID:2456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com/amp/ip245.ip-147-135-76.us/cl/40468_md/92/13044/2087/0/0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1180,i,16355946375322205195,5806715446172567200,131072 /prefetch:2
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1180,i,16355946375322205195,5806715446172567200,131072 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1180,i,16355946375322205195,5806715446172567200,131072 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1180,i,16355946375322205195,5806715446172567200,131072 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1508 --field-trial-handle=1180,i,16355946375322205195,5806715446172567200,131072 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1260 --field-trial-handle=1180,i,16355946375322205195,5806715446172567200,131072 /prefetch:2
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 --field-trial-handle=1180,i,16355946375322205195,5806715446172567200,131072 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3540 --field-trial-handle=1180,i,16355946375322205195,5806715446172567200,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3164 --field-trial-handle=1180,i,16355946375322205195,5806715446172567200,131072 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2452 --field-trial-handle=1180,i,16355946375322205195,5806715446172567200,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3164 --field-trial-handle=1180,i,16355946375322205195,5806715446172567200,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2024 --field-trial-handle=1180,i,16355946375322205195,5806715446172567200,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3156 --field-trial-handle=1180,i,16355946375322205195,5806715446172567200,131072 /prefetch:1
  2⤵
  PID:2184

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ad2b52d6621bbeaac3fd2194d70fb1dd

SHA1
c9dd2c756efdfdb779ccc7fa0984630aab11feae

SHA256
0887bc62630cd857a79bfa16b2aa559ccbc82c940232bd3f29c47c5bc394a177

SHA512
97a3845604dd7a816d719929edcfd83398671e74fb243d7744c97a803b50c1210abc90dff8f625ab8e79183b27f43a4dd3d04e3deb53ba73e9830d1b4ed8e210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
cccc12dd908ab171c89bae8608dab386

SHA1
b9c0caad519b35531546c7c28ef4bfb066e804c1

SHA256
13a7a8ce0d18f183e6480cac60e7db5a67d6193801b182e64197cea1dcc56598

SHA512
82f653d1d66dd056498fdbc74c9702b5bacb6f2fda447f612e67ebc969178ad8101a6c03a8e233fa183c104d01250a95bd2d418e734ce9ae71e047abc4ae8078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e2cb79047738bdfdc8f1322506519bdb

SHA1
4ef2edc7247912a227d5f85e206096bf5e721454

SHA256
c94d686f9a8daaa2069d6c050c1736100d78c7272f07bb74406804fd17dfed26

SHA512
c7ed7529b57d06f15042ea6283c3d84f4302f85e14294e70de908a1bfbed98e277e0a7ebe3371b56a974d80a31b6f69bd8f5dba37ecb3a480998d86d4afeac74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c30dcd8f23f26c0ad9fbe919bb7a8bf3

SHA1
ae871dad5b7913701e4ea3588dc14c2d295ea165

SHA256
7b3b726ae088f4a38917243e2db9f953044cb23d3a3674ecff19f1c2fa0afc1a

SHA512
64dcca8a0f2c41fff1c26c01e8489d5e5bf0afcae9250e1056f88a8fa1ef0d19550c6a7cfe32930d5bc26b3d490e9b8b75f9f6f8644906ee289ffb3eb3fae347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
53875a1d72dbb00dce477e9e5e321710

SHA1
8bd1ce64627d49c8d6078e87b5bdba2ab45756da

SHA256
d00e0e2f92f3e5cf9d1121a12082fd1190a0d90166b57e0e74d8a37c53dbd6ae

SHA512
15742a144899cbe75c53342a85a09a16861a9d5c312ce8818f01600223f3eff2d891592b4a6803dc2f9b46bcd2cedf23a311c93a035b6b551f3e97cbb7e437e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
f4de215b549f25144da1a89ba68816b7

SHA1
8dbb06b9245bf5952adc1675d1fb1d7cdfded458

SHA256
efcd71f5d0d7fd93fb0385f1d25b56eb60ca36437a758b9107deda17b9062c06

SHA512
abcecddccb0063d09c65fb3eb61e99a4aabba62d33abe0c3de324be3a294d4192cbdd4c229592e911a828fbe50acab4e066497c53809c5dda345041cc5fee1da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f6c0afce0e0a23bf82cde0d18528106f

SHA1
1e34bd7023302f42efac8d13a7eb83400cc9e832

SHA256
0c5f88de2deda4f4d85b028df0f5a3a4e38d8023ab3985d116e269e7cc4fc349

SHA512
f534961e8e646bcdfaf33be5d44ec44d4a04d988be970c98a6637aa8f63657518ecf6c7746272ae15d605687e0551d56226f3c03fcf69ce31997114bd8b69cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3dac729f724bda9166eb3fc9be3f9aa7

SHA1
a0f31a2ca5f83ff8a165158b96370856d7024f64

SHA256
72f1b8cfb52f2ea6a6f5bc43c188450e1e6bab170fbfb6e74fb327c67e6e982f

SHA512
de8e1449d665bc38f821d3a5465d027f80460b56f6fab5b5675020cf069b6cf3565dff778b6b1de5cb3a81a7b33613eafee4e66437e7a3ac58785c5271c6b2e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
269c0706ec2706b0eedd3e3de978bf41

SHA1
7f1a5a2768e962a33210416a52e7ce9d3cb7f401

SHA256
449e98e89897bfe159b188cef47cd1dbdf5792fea3330ba65cd70120e3aa011a

SHA512
c0e8e45efad12a964839c11be71e75e77b26013d890b9a6770ca4e1f97de90672e67a5a4170fcf7b0ebc85c1660d54576087d3eed5170bb8dda4affb44c269a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3dad3c0ae0875f199d40100114c31f27

SHA1
0af783aa5cd9c2ab358674bbf341073aea5daf38

SHA256
0ddf1b3db7a4e1d4ba309c5b4959ed0230be7cecc542037978b9a69a0a577371

SHA512
cc4ca7da8c43e04a3655daac80fa8a8621e6f0217981c5360724d6439a015726986e73babe1935a0a14fcb04ffddf38e3c5ca195183e92cf9277a36214e77904

Download Submit