hxxps://myapplications[.]microsoft[.]com/?tenantid=816ef078-e1e2-4e49-b265-68b9d2a9ae92

Analysis

max time kernel
302s
max time network
312s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
11/01/2024, 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://myapplications.microsoft.com/?tenantid=816ef078-e1e2-4e49-b265-68b9d2a9ae92

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133494124957681289"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe
Token: SeShutdownPrivilege	3148	chrome.exe
Token: SeCreatePagefilePrivilege	3148	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe
3148	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 3964	3148	chrome.exe	66
PID 3148 wrote to memory of 3964	3148	chrome.exe	66
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4484	3148	chrome.exe	79
PID 3148 wrote to memory of 4060	3148	chrome.exe	78
PID 3148 wrote to memory of 4060	3148	chrome.exe	78
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77
PID 3148 wrote to memory of 3516	3148	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://myapplications.microsoft.com/?tenantid=816ef078-e1e2-4e49-b265-68b9d2a9ae92
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb046e9758,0x7ffb046e9768,0x7ffb046e9778
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2792 --field-trial-handle=1724,i,3531363824836577579,7305659243546213368,131072 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2784 --field-trial-handle=1724,i,3531363824836577579,7305659243546213368,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1724,i,3531363824836577579,7305659243546213368,131072 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1724,i,3531363824836577579,7305659243546213368,131072 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1724,i,3531363824836577579,7305659243546213368,131072 /prefetch:2
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5000 --field-trial-handle=1724,i,3531363824836577579,7305659243546213368,131072 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1724,i,3531363824836577579,7305659243546213368,131072 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2972 --field-trial-handle=1724,i,3531363824836577579,7305659243546213368,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1724,i,3531363824836577579,7305659243546213368,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2968

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
ea680790454919fd7e8a09ccf61a8d47

SHA1
5b5872cf76d9dcde19c670f1ad9b0edd8ee39e72

SHA256
493075482b7ac297dca7cce40df23e8587b907833d957435ce6792518e96b12e

SHA512
413b50bd7475f60db83bd8e27938632160a5fcb664977f6fd5917362f332275c566b283767ee81f1315e54de8a1c9111376fd19996967947a9e1514f8f76023b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ad884b48d75a77cc16dc0d5aab4682d1

SHA1
5371cc5fd5e463b6f4709d8c17a3319376ee9f38

SHA256
dbce9d45fa2789792ed2f103696cb5c8380aa11f209646c386ed5dd41154bb31

SHA512
b81a42c11aaa78cb92c3be02346be837a9625634644b17bb0e1c301a3e7cca12e96032a8671332b7215c22def008d02c1770ae09f342cc9c019ac7a71bf08061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6710773b28135e39d559f36e707d6acb

SHA1
4e9214e999481a655eafeb86df14421344ebdbd0

SHA256
aa9e0fae5dd33527cf6890fc1bcdf029448c3340dadc7f8e7364ec0f42b788a9

SHA512
10aeb114797b4c333a59f4888a846fac6a06ddcf65cdb6ed1de5f93a3156e077547080f6671988c5c17e0dc85a7a39334c145660f816115bc0a8f4a27511f093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ade0603899fe00b814cc6d78022b4dc6

SHA1
b5f964df45681451362da5bde4cd5e1867b52149

SHA256
922df70893a4a60e0b6f3cba8b8631113ed48dd1905c8a95692279057b6414d7

SHA512
ea5a500c46bfd23a80791a273aec4b710880042377e6b6961f3f8b6aeb35a1dd93f364e25d3767c8ee4b0a9d88503f53cef2b77f24d8797e595cabe5787ce482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
67d94ff6a211b931a5395cf17789847b

SHA1
ab31f0205a1a5dca484e3808a7fd68170c726316

SHA256
7262da5039548526bb0c41ebc193cb6f28b815912dc51b0e6419eb4d505d5784

SHA512
e40771a6a234a3ac3b124005763970464444ad3445702329a51cd1b3c3c9435b674fa99b2e23d304319192be6e1b5a31d04db0566c2a2133c4363431c6c08ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0d6fbb4f53063c925d74d7d19a6a54f7

SHA1
b6a8eae8fd0f602432d4ef36ac834c2f694b9c69

SHA256
0e04c81b065ce5fa8ec26f275fd1d101bb52edd481a165d032f69e6fde4cdc73

SHA512
8243dab548249d9e71ff97442ba43a1b00b5a259cc98a806b96c7f6d2b0f088357a9d257bd586ca62c50893e5df2191a6eccd607ebcbb42e8de804d8f89cb1ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
5f75ad69023917b52defec916f727599

SHA1
3c07a5e9cdb16a84ec5618720ee5b02033398a2c

SHA256
28508a3940d1191efdbd7bc3a43f6b2e8a4a63412f2a8f0a765766ef6a614daf

SHA512
77dfbf48130d69bde1b950b4b0b27ed6ce9bfe0f00b13d9cae393e254dec46fddc3fb093151e13c46ac8b461a9b71eb23a864fa08b494f6b724ddbe547652fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit