hxxp://google[.]com

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 09:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133504772319867512"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1964	chrome.exe
1964	chrome.exe
5028	chrome.exe
5028	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeCreatePagefilePrivilege	1964	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 868	1964	chrome.exe	88
PID 1964 wrote to memory of 868	1964	chrome.exe	88
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 2644	1964	chrome.exe	93
PID 1964 wrote to memory of 3612	1964	chrome.exe	92
PID 1964 wrote to memory of 3612	1964	chrome.exe	92
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91
PID 1964 wrote to memory of 4328	1964	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa29849758,0x7ffa29849768,0x7ffa29849778
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1856,i,6307397327717617052,14731877231247210594,131072 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1856,i,6307397327717617052,14731877231247210594,131072 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1856,i,6307397327717617052,14731877231247210594,131072 /prefetch:2
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1856,i,6307397327717617052,14731877231247210594,131072 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1856,i,6307397327717617052,14731877231247210594,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4600 --field-trial-handle=1856,i,6307397327717617052,14731877231247210594,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1856,i,6307397327717617052,14731877231247210594,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3288 --field-trial-handle=1856,i,6307397327717617052,14731877231247210594,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 --field-trial-handle=1856,i,6307397327717617052,14731877231247210594,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:64

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ade7dae845dd03063f905877c28aa056

SHA1
41119204c1dfb6e444f784917c46a1fccafa769b

SHA256
dc923d8171c8378382b92341000547d06a3da38c2dea96d33fab3c7550103818

SHA512
e6b4bad7338f3383d2d7215c8d32809ea28c4c655e58377d46b5dbe1bd5ff285d4a0118313b32b0eba3e9a8c6d08b2792836ce79e477073e84d7f9d0d1d84852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ffd38e44c92921d36f17aeb9df52ae2f

SHA1
507bf639a85616a12d30d61e75d7e9a8cde32767

SHA256
57f2fe0469ff5793f32cf7d2d7c8be10ea3d3a3001186112a13bb09076fe28da

SHA512
e3e6539f5d010f5bcdcf9e87f19dd5f0b9355d7345bab704ce10482304103a29019c676546470fdbe51f356b764b5699921ebe3518f74b75a67bccc16700b13a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
7f98c4e2e6b05ef563274385289b67ae

SHA1
a8a252fd4f823b2301c145de62573656182f9543

SHA256
8119467c0c142c7b72db0805ca0b0120c288f817d45930721683dc5a51dc4408

SHA512
4f6ab38a0ed65246dd4bda4848ba0fe79db807bc341d3603e57866a3ed1f75a90cad58f77e0c370f39f7467421d20484ddea507547caff4a9ad788365b279a7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
275d9757528a3f7a12c65d5d36238c7b

SHA1
2cf2eca71f296c5d26c4a228dfd113b235f12f3f

SHA256
15d1b4396b2d8dea5563846d20609399b30cc652f263a09151c5692589457dcd

SHA512
ad8d5475e7c4d897b251cdf6648f4441763b1bc4b6d5710dcb1b582b330c9b0267540c9d154501d71ab791c0372c62655c67977408f70244ea293077444719ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
d7590f98a16959c91832a09ef589a526

SHA1
a5cb67a4560b669401d091afe0d04eb999f97661

SHA256
7b6189e031bc6ea671280bcc900cb89d1dc57ea713f5b360d2c39c6662f6d441

SHA512
26be865964a758f1452de6c37e07959d54eaf3a5b6d37ccbad7413bed251f8b67f77846cead0115032e39802f08dbdd53fe4a5cd71b4065f5215b5415bb33c29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit