Analysis
max time kernel: 151s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 17:37

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://sharefile.com/support
Resource: win7-20231215-en
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
Processes:
  description | ioc | process
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506778916440194" | chrome.exe
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes:
  pid | process
  1460 | chrome.exe
  1460 | chrome.exe
  808 | chrome.exe
  808 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
Processes:
  pid | process
  1460 | chrome.exe
  1460 | chrome.exe
  1460 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes:
  description | pid | process
  Token: SeShutdownPrivilege | 1460 | chrome.exe
  Token: SeCreatePagefilePrivilege | 1460 | chrome.exe
  (these two rows alternate for all 64 entries; every entry is PID 1460 chrome.exe)

Suspicious use of FindShellTrayWindow (26 IoCs)
Processes:
  pid | process
  1460 | chrome.exe   (26 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes:
  pid | process
  1460 | chrome.exe   (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
  description | pid | process | target process
  PID 1460 wrote to memory of 3980 | 1460 | chrome.exe | chrome.exe
  PID 1460 wrote to memory of 4948 | 1460 | chrome.exe | chrome.exe
  PID 1460 wrote to memory of 4156 | 1460 | chrome.exe | chrome.exe
  PID 1460 wrote to memory of 4900 | 1460 | chrome.exe | chrome.exe
  (each row repeats; 64 entries in total, with target PIDs 3980, 4948, 4156 and 4900 in that order)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sharefile.com/support
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 1460

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd891d9758,0x7ffd891d9768,0x7ffd891d9778
      PID: 3980

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1860,i,8798522970765270252,14980198876495118912,131072 /prefetch:2
      PID: 4948

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1860,i,8798522970765270252,14980198876495118912,131072 /prefetch:8
      PID: 4156

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1860,i,8798522970765270252,14980198876495118912,131072 /prefetch:8
      PID: 4900

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1860,i,8798522970765270252,14980198876495118912,131072 /prefetch:1
      PID: 2616

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1860,i,8798522970765270252,14980198876495118912,131072 /prefetch:1
      PID: 4012

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1860,i,8798522970765270252,14980198876495118912,131072 /prefetch:8
      PID: 4016

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1860,i,8798522970765270252,14980198876495118912,131072 /prefetch:8
      PID: 3936

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5520 --field-trial-handle=1860,i,8798522970765270252,14980198876495118912,131072 /prefetch:1
      PID: 60

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1860,i,8798522970765270252,14980198876495118912,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID: 808

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 4720
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 384B
MD5: 4cb330df4b553cac42b52ec031e68415
SHA1: cf5c737c3b56291ef477db2d4b37473f7ffff360
SHA256: 833a989ade016495fd7d06fc76d992f2a793889340255dfc9fd1bcce105a30b2
SHA512: 558e8cb5052e06cdaec515ac1fd4b8fcabcf60684fe8be31214d5ec5aa53bf2d7820be3b4b5850337ee077436a6ebe4ba37fefa988ebefbd065da07b784c4fba

Filesize: 1KB
MD5: ad8918cf4e545369ea5d662112bdef6b
SHA1: ad4c2a420e90a571cc7d7fb040050818259a1bad
SHA256: 3755d1f24ea57fae5efe85692e1d8e949314654f831a27e17900196ed1fbc63b
SHA512: b8f85f85a950a4b2d9b561b221996c93cd99f129ff09d1c12de2cdc6a825abbba1029d20ac6106e1e173d36c2a176efc24acf6f2f21743d58499afd5208885ff

Filesize: 1KB
MD5: 284179c27644f442da518586b6d7ae24
SHA1: 70a30905806afaf3295cdba9baaf7fa08e4b66af
SHA256: 79c94ca09c076b08080429ad34b39e543b995f5db5abf3655321500a4bc3b055
SHA512: be3c56328c9dedf2a155d6335a5a5643dcaedbaf8981c3a94ab7426c8af33c496bf8ffe478df14ff6cce909112b72c113fa28b392f1426f7d1c7a362442c61ea

Filesize: 1KB
MD5: fd13a6aedd1922afd027ce59ea17c7b3
SHA1: 51ed4233ea1b70c62c1cbe9a75000a5a724aa78c
SHA256: e8041136ec67b554d5526956be4e3d0d2a1848e4fe75b64084c5c66649ee1bb7
SHA512: 4acd76de322e1a51a17adba4afc5a090d8146f5da10e190243190d4765700d49e67934c4b1d2b23383b095d601b3648c5f5e43fcc1fef722ad963b6b57bf87a2

Filesize: 1KB
MD5: b4b5065535f260d7359a9ddc1e6660fc
SHA1: c2080abb308b73dcd21fc19ac7598214c03a1c03
SHA256: 18ef2181e8260c070809280384527699cfe700e6001d3e44a69e67bd721cd381
SHA512: b529b56e92a1acd4b12b19633f253d36bae42a8831da456ecb20b285efe5462865e8e6828cf2a8e8d9f7de88139f282845fecb9bac8af581e1b7943482f5ac26

Filesize: 6KB
MD5: de897f6f09b8a48328fbe7dcca4d3496
SHA1: 8c9b088d446e38fa71973c92b2777b1f929a654c
SHA256: 5f08ac2af32fba73c05e51b45a4cda224a5d6132e3fe49073ef906d320e417d8
SHA512: a157608f77d44f322fd669774a7e7e6b4930efb7db4bd0ce9d3713880c72b61eee21da8f0245fc1e068fc1847d6fab8caded953374f6f3baf2d6adc9f5e105ee

Filesize: 6KB
MD5: c133f14b02b2ec9e76cc1da8e9fc9efc
SHA1: 5bb766b35be143353053ddf2acd167b779f749c0
SHA256: d21916aa1b7645bec56abed5d8adefc337f3d6bb612dd0e4166a1883b6d9347b
SHA512: d4abb4ed997b11657ae334be269995dea29f455464803f2b335d817a0e1da80f0a25d35a0e0768062ccfd4d5f7a92b495848a53bdc5f02e49930137db5877521

Filesize: 6KB
MD5: 085df53dcdb351a1e7befe692df52281
SHA1: ffad9774bb5481db7cec73e9d4fa417ab09d6397
SHA256: 94f1af4dffe4f9c3a72e762056296b129e8eb18496953e57bd6c3ea71f3c816a
SHA512: 28c9c0ee2cf45da8b7bb1167451d9bc99022dc90037ceceead974b82b57d326b190e273f961014de742aee21e84e0d647311be21d2852fba689e1869cc7250db

Filesize: 114KB
MD5: fb2b06706496d74e797ec781b25106f3
SHA1: 4dba02cd4c5f4a2585a4d5f449290f9349096373
SHA256: ce0467923280a90d9d987d87a8920c1c8fae55fa113f6162b8a3fa7fe95cbfcf
SHA512: d21e6a643307888955fc4744361f20729bb916abeb56c2bd1f2b0b940553ae7f4ef03089ecd4a450344ad8a0fafe5ef25528f09dfd3cd7d4860bfe09fe85f7a3

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e