Overview
overview
7Static
static
1URLScan
urlscan
1https://google.com
windows7-x64
https://google.com
windows10-1703-x64
1https://google.com
windows10-2004-x64
1https://google.com
windows11-21h2-x64
1https://google.com
android-10-x64
1https://google.com
android-11-x64
1https://google.com
android-13-x64
1https://google.com
android-9-x86
1https://google.com
macos-10.15-amd64
7https://google.com
debian-9-armhf
https://google.com
debian-9-mips
https://google.com
debian-9-mipsel
https://google.com
ubuntu-18.04-amd64
Analysis
max time kernel: 1800s
max time network: 1697s
platform: windows11-21h2_x64
resource: win11-20231215-en
resource tags: arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 13/01/2024, 04:08
Static task: static1
URLScan task: urlscan1
Behavioral tasks (sample https://google.com in every case):
behavioral1: resource win7-20231215-en
behavioral2: resource win10-20231215-en
behavioral3: resource win10v2004-20231215-en
behavioral4: resource win11-20231215-en
behavioral5: resource android-x64-20231215-en
behavioral6: resource android-x64-arm64-20231215-en
behavioral7: resource android-33-x64-arm64-20231215-en
behavioral8: resource android-x86-arm-20231215-en
behavioral9: resource macos-20231201-en
behavioral10: resource debian9-armhf-20231221-en
behavioral11: resource debian9-mipsbe-20231221-en
behavioral12: resource debian9-mipsel-20231221-en
behavioral13: resource ubuntu1804-amd64-20231221-en
General
Target: https://google.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133495926837102284" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
1340 | chrome.exe (2 rows)
2100 | chrome.exe (2 rows)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
1340 | chrome.exe (3 rows)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 1340 | chrome.exe
Token: SeCreatePagefilePrivilege | 1340 | chrome.exe
(the two rows above alternate throughout: 32 rows of each, 64 in total, all for PID 1340)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
1340 | chrome.exe (26 identical rows)
Suspicious use of SendNotifyMessage (12 IoCs)
pid | Process
1340 | chrome.exe (12 identical rows)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 1340 wrote to memory of 236 | 1340 | chrome.exe | 29 (2 rows)
PID 1340 wrote to memory of 3824 | 1340 | chrome.exe | 82
PID 1340 wrote to memory of 2092 | 1340 | chrome.exe | 83 (2 rows)
PID 1340 wrote to memory of 2264 | 1340 | chrome.exe | 84
(the rows for targets 3824 and 2264 are repeated many times and account for the remaining 60 of the 64 IoCs; every write originates from the browser process, PID 1340)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1340, top level)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 236, child of 1340)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7fffdcda9758,0x7fffdcda9768,0x7fffdcda9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3824, child of 1340)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1716,i,7003496571837849677,698573476669318229,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2092, child of 1340)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1716,i,7003496571837849677,698573476669318229,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2264, child of 1340)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2140 --field-trial-handle=1716,i,7003496571837849677,698573476669318229,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5000, child of 1340)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1716,i,7003496571837849677,698573476669318229,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4168, child of 1340)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1716,i,7003496571837849677,698573476669318229,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2404, child of 1340)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3956 --field-trial-handle=1716,i,7003496571837849677,698573476669318229,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2020, child of 1340)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1716,i,7003496571837849677,698573476669318229,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4536, child of 1340)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1716,i,7003496571837849677,698573476669318229,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2100, child of 1340)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3688 --field-trial-handle=1716,i,7003496571837849677,698573476669318229,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2788, top level)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads