hxxp://www[.]openssl[.]org/~bodo/ssl-poodle[.]pdf

Analysis

max time kernel
151s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.openssl.org/~bodo/ssl-poodle.pdf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133500801919697214"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1012	chrome.exe
1012	chrome.exe
1972	chrome.exe
1972	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 3044	1012	chrome.exe	84
PID 1012 wrote to memory of 3044	1012	chrome.exe	84
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 2608	1012	chrome.exe	88
PID 1012 wrote to memory of 1752	1012	chrome.exe	89
PID 1012 wrote to memory of 1752	1012	chrome.exe	89
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90
PID 1012 wrote to memory of 4588	1012	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.openssl.org/~bodo/ssl-poodle.pdf
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff986e09758,0x7ff986e09768,0x7ff986e09778
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1304,i,11439236726968665913,2012358259016898978,131072 /prefetch:2
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1304,i,11439236726968665913,2012358259016898978,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1304,i,11439236726968665913,2012358259016898978,131072 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1304,i,11439236726968665913,2012358259016898978,131072 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1304,i,11439236726968665913,2012358259016898978,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4792 --field-trial-handle=1304,i,11439236726968665913,2012358259016898978,131072 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3788 --field-trial-handle=1304,i,11439236726968665913,2012358259016898978,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3328 --field-trial-handle=1304,i,11439236726968665913,2012358259016898978,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1304,i,11439236726968665913,2012358259016898978,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 --field-trial-handle=1304,i,11439236726968665913,2012358259016898978,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5008 --field-trial-handle=1304,i,11439236726968665913,2012358259016898978,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
fdc9e194844b327c1e2e088b4d29e58c

SHA1
35458435d2c4aa1820f1beef07ac31c0e521da4d

SHA256
861a955e3faf13b77e1cafd3d54005ffd531f1718837532b63026deb3df51580

SHA512
62d2410ce96140f70b901c73abe962dfcd91dc212f52e430c1a21f32e3f17ed29e117a247dcde5baf15fd207dca04abac23f142a5ca669a0a5bc46f0b4f5c76b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
17d4a407f7f0fa0f9a25ddedcd79f484

SHA1
8415c02d0c73873243c3f929f1167ec1d7872c5d

SHA256
5ded5af203fd8c458eabf718e5aad7f0c5c16f37c645dcd09e8b8ccc966cfc47

SHA512
f11a5587692cbf1e6c5c410afaa06c41df7dbd87582a736e4bab6e40fa07ef388b4a12e16773cfa5aa0edc507be5f10fa24b7210b101b2e69ebdfb1ebc6bd7b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
413c55c634498085085a36d27b4e47a3

SHA1
293419e972c59aafaaf8e7b980e272b718544b31

SHA256
791b33e6aa0a2d5f180ceb926f24b2e3f30a322b34b536f7c02787f0de988b23

SHA512
2c0bb9ba38143f9943e315e9182bf6667fc50510993269faf5780258881734aa39b8c072fca62c448bff94448389c90923bef3adfcc3fcfa1ae4e32759daa66e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c2cdceccc724503fe62cab2b3968ec0d

SHA1
b9d742b3174421efd11e9a6f7253e71700727cba

SHA256
5ac97a601e6c258e997a6b9cebb51a74fa64e8f9d5df6284a386cc83cc4686a3

SHA512
4dbae90fc6fc0ad56fcf3f537e9fa0c4e1aee5b3f6f8bce1e1e7932f47fe9c89d5459567c9ab12d74cf8bcb65702fee77517c1c3a34f6402895c3336c4d877aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
e9e1b9bc407ddfe1bd7b271f235e953a

SHA1
2fd83bbad581c4da48cda62c9e8fb47d2170cabc

SHA256
f61c83f9331b54081e1962594c50ca105858c06fd93a6d4d37a0f225d10d0da1

SHA512
4a98b5ee570f31a28830c77659457729a2f825e2cf60568ef41d3a70f3e57aeb80a1a16dafa7e359460c6392682588a3b71dd7a482002bd39e97045fa188ded3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit