0768fd561dbb7bd32009c25c1e171e2e9e0a3e7ad2dd9e97834f21c9eb6bce1a

Analysis

max time kernel
165s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 00:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

index.html
Size

380B
MD5

7b1f6da48c4e1244e51cd8b4ddbdf81f
SHA1

b10ae11f3115731603f9ad7e32c73a3537b03327
SHA256

0768fd561dbb7bd32009c25c1e171e2e9e0a3e7ad2dd9e97834f21c9eb6bce1a
SHA512

90c307bb6c10b465b4448154adc308327a320768a3b5065ead521c0446e4be9f5c5767c2d87ed8f778d26f81d6a9c72d9141a399f1a8aea96e8c32f4e9febfe1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133500983140559094"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe
1012	chrome.exe
1012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 2848	1500	chrome.exe	80
PID 1500 wrote to memory of 2848	1500	chrome.exe	80
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 3956	1500	chrome.exe	82
PID 1500 wrote to memory of 2900	1500	chrome.exe	83
PID 1500 wrote to memory of 2900	1500	chrome.exe	83
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84
PID 1500 wrote to memory of 2644	1500	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\index.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf3589758,0x7ffaf3589768,0x7ffaf3589778
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1908,i,8769862319760672885,4702536285141984626,131072 /prefetch:2
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1908,i,8769862319760672885,4702536285141984626,131072 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1908,i,8769862319760672885,4702536285141984626,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1908,i,8769862319760672885,4702536285141984626,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1908,i,8769862319760672885,4702536285141984626,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1908,i,8769862319760672885,4702536285141984626,131072 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1908,i,8769862319760672885,4702536285141984626,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=884 --field-trial-handle=1908,i,8769862319760672885,4702536285141984626,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1012

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
824B

MD5
e7d085932a5c43bd4379b5614c7d5e8b

SHA1
1ceffe2fd0a33be5aa0090a747429fef42fc7c89

SHA256
a1778f070e94cc0d93ccab03817d77576c3967eb063f4ee98c8bcc31aed6d3f1

SHA512
10234db3ff8d39443f7096a000b4003577eaedde1b4a48c58570225a6536a437d1f3cf3af526232ac2a2bdb9bc51983928d368373eb559248831d9356a460fa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c13eebc711c987b6f78da9c5c28a0a12

SHA1
afc46289a168283fbdf3e22436d75854f1a9db0e

SHA256
20c9f4b4142766128d0f1444c2ddb392c2fafb85f95a99a6d391e11f07318a84

SHA512
b9586c1eb5d45e41950485b3dbbb2a4a422f1e985cbda2607435228f793b1f7762de85b9b11d9e5b6f03bc22ae0e9192843dcde4a2d4453d1adb41f0661d0c81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
291505f58de6a717c8b8f4c0b2ebde4f

SHA1
0960827bb5db6947610066a3518f1a5ec99618f0

SHA256
e25aa8e9105c86b260da67e4fccd1c3043e7de65c382817f751023dae0e893b9

SHA512
a99a52afd508907510162b07409475aa9757f9c0b99eeddeabd015eb2416ebfdbc558721ed7a0a412ef643ad0d607d33eb3656a4378fe9fe14d667bce1ae9579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
01887984086b1dd05a3cd0941ae7a9c7

SHA1
f34c66b3c8412b1a645f74c1979e67320965b94a

SHA256
91f768ebd8d597100ff2a68b7e4f4642a663c199b604c5f723292f604de3e2f4

SHA512
f31475eb9aa15a2ed4bddad87f162e778238b86eb6659f193b428b6f364f7db7270150847cc5b539c258706191ba5529b751d4b9950d2fb134216a9103247fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit