05c439b13ea8a5d650754a5105a1cbb2d49ac00d507649f8f1b41dbdf598e499

Analysis

max time kernel
301s
max time network
280s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 22:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Aura Marketing Agreement for YouTube Partnership.html
Size

5KB
MD5

5e08625f958aad0aacd4999ea6ecd77f
SHA1

bd1f1419bc5a2bc248d228b273d6239bc862f264
SHA256

05c439b13ea8a5d650754a5105a1cbb2d49ac00d507649f8f1b41dbdf598e499
SHA512

f94ebe96a4868a03c561e6f781b683727d8f6e1559f6890ae0712f27ef0908ab5ec30e5fcf9da4bb5f74cd94ebdc2e4a036badbbfa2bdffb7640b1ae95c1b3aa
SSDEEP

96:1j9jwIjYj5jDK/D5DMF+C8dZqXKHvpIkdNWrRB9PaQxJb9q0yTMQr+CfLnq1:1j9jhjYj9K/Vo+nOaHvFdNWrv9ieJ9qI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133495738800284054"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
2676	chrome.exe
2676	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 5000	4420	chrome.exe	86
PID 4420 wrote to memory of 5000	4420	chrome.exe	86
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3100	4420	chrome.exe	90
PID 4420 wrote to memory of 3380	4420	chrome.exe	91
PID 4420 wrote to memory of 3380	4420	chrome.exe	91
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92
PID 4420 wrote to memory of 5012	4420	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Aura Marketing Agreement for YouTube Partnership.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffc89b59758,0x7ffc89b59768,0x7ffc89b59778
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1888,i,2975519720335227550,7600619883130274721,131072 /prefetch:2
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1888,i,2975519720335227550,7600619883130274721,131072 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1888,i,2975519720335227550,7600619883130274721,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1888,i,2975519720335227550,7600619883130274721,131072 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1888,i,2975519720335227550,7600619883130274721,131072 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1888,i,2975519720335227550,7600619883130274721,131072 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1888,i,2975519720335227550,7600619883130274721,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4684 --field-trial-handle=1888,i,2975519720335227550,7600619883130274721,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2676

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
768545bed295fe263270575d791e8097

SHA1
faa60b30e24d797c8dd765f4618477cb3e6d6a77

SHA256
df88a7670bc095416cafb88066ba82a222aeba020fc2aaaffed091d60f8b1f42

SHA512
4990e111cdc4c5f4068501f333c92fad74b103aee4fe75cecf29d7ef7d733a74de62230b48b94e4809d30e8d5e22576f1a048bde8e6cac25a3426e8282aaa70b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5558b6f93cb0fcf63b3253c7963c5203

SHA1
024d60b504c20055ffe92c6823a2be6a4f548d54

SHA256
721f8223c9d3972226043f5563e98ef83aa52efad6cad1abaa2b70fdf3db40cd

SHA512
191f248a0cd24c0bf432fcd2fe60304af9807331f192de2869b1c9bba75547af4d4c1d2ae3b1dac7286021f4977b1279d2ed86fbfa58b696118b6b334c1f641b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c9dc49fdf82eb488f7d3e2e811196ff9

SHA1
068521768ab3d0485985d59c06d9eb9dc464a56c

SHA256
357075858b5806fe88ed20614464f7f54ea8f7bf58be80196e58529f88de9b17

SHA512
df7faecd794f0e52ee098cedb3c9b9e5be62b029d6a805696b6d1186f97c6ec6ff83fc89ff8a39b2839228fee27e31ab83484a14684eb07ae21e561e43d49a5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a15901b6e5621410f0198be3f95b8a7d

SHA1
2c313c23a5dc31458e4a6b9d4722a3fcdab55c77

SHA256
966773028a6c232b3e9ce5de2bd76e00699de4741aa0e0e5668647018a7e2de7

SHA512
58e2a5d9913b541598aabc6187de0ba38f2600ece5522d09204f4c1acf268a2fe8449f0688adf6aed5540f9107fbe9bd346fe4ca3ef717c5d3c9a03c2faba1ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8b827fef43b9172ded70284fbd48a9be

SHA1
0c15f20f4b4bcaf7c81f48264d6915d394b84532

SHA256
9e01b5bcf5dbe0799b7cdc69c14d865f9483266e6ed355253cc6ed2709a9a687

SHA512
c9ec125dbaf515db1ae9b296b79bedae0ad0838fbd006d1fd34dd9cba6a64712515bcd6464ed5537e219c27b9e254462564f4dc2171d138c694d64fe8b3ecd72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
e38d24d732cb49feaf06c7c8e0b519d6

SHA1
5029ab5bc2b9d0acc54e603e0c42199602c7ad3a

SHA256
e68267f09b221c92f8046a800cbcc408002ff2f20d3e213bbad3473f73e4e927

SHA512
f226003a6159649f739e6069a6e6fa455f3be9a6763f7f7f8c05feeee539e74427dd6c6af817338a9b09e72ed5f66f0dc9dabb55cbd0afddfbcfe9571b133699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit