50680941e241dd09be575bcd3dda30b07b253d4105325a438bfc1e0da6698d49

Resubmissions

28/01/2024, 02:53

240128-dddcwsbefq 1

28/01/2024, 02:51

240128-db5z5ahga3 1

28/01/2024, 02:46

240128-c9cwkahfd2 1

Analysis

max time kernel
600s
max time network
605s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

s4gye.html
Size

5KB
MD5

bc43ad2d94c3c0d6ca87beadd27f203c
SHA1

359a229ba06cce155f4dcaa591035de1c1383998
SHA256

50680941e241dd09be575bcd3dda30b07b253d4105325a438bfc1e0da6698d49
SHA512

1762fc3c108570a88534a743589f3ba2a93274d0d2fb5986f9df7009860db54308cff1bedc0db39c8b18bb5dff53041a617a209e1ea22447b67f2706e40ea06c
SSDEEP

96:jMJvdJC76O/sP98S/thxGkpAqcW0nzSLY87hliM0q+6h3NKAE4mX6oqb:6vdJq6O/wF/tikpqnzSLY87fiM0L6hXX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133508841537265034"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2160	chrome.exe
2160	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2160	chrome.exe
2160	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 4012	2160	chrome.exe	34
PID 2160 wrote to memory of 4012	2160	chrome.exe	34
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 2356	2160	chrome.exe	87
PID 2160 wrote to memory of 1568	2160	chrome.exe	88
PID 2160 wrote to memory of 1568	2160	chrome.exe	88
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89
PID 2160 wrote to memory of 980	2160	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\s4gye.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff97e9758,0x7ffff97e9768,0x7ffff97e9778
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1864,i,11113338037876565235,12881209309493205601,131072 /prefetch:2
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1864,i,11113338037876565235,12881209309493205601,131072 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1864,i,11113338037876565235,12881209309493205601,131072 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1864,i,11113338037876565235,12881209309493205601,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1864,i,11113338037876565235,12881209309493205601,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1864,i,11113338037876565235,12881209309493205601,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1864,i,11113338037876565235,12881209309493205601,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=824 --field-trial-handle=1864,i,11113338037876565235,12881209309493205601,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
799fe944b46fa32bbea91548b288f044

SHA1
c5b1645402519642005d16b6efa15051e76cfe55

SHA256
80993abf2f8a1e923fdaeebe833c0e17edbbeddcf3a578a008fddc3353320995

SHA512
f4b8af9e8cd2cd34843fbab2b82532139708886a614eda0d9dc5984bc627cb0482ab3c22926f82e3dd30bc368a3a220deeecbdede51d528c56b0c7e4d06cd0b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
736eb5aaf8978523928dbda8fd9adf52

SHA1
44008cc39b7ad5d01889f0460587e2eac8afb9c3

SHA256
d1ffcfbdc247361c7391d7eba73607e69f7d4eb367aa5b9eb4afaf4192ed9f63

SHA512
ef3994bbbe617ae2b658d0cb4f9485d63011db21fe894ef2d1de77c7cf5d4d71e2b8e4b9c911729883f714970afb82668b75fcbecf3c953c2371d8c418bcec5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7244757ff9088f0fd02e1c0c942ff341

SHA1
1fd2313d8feac380337efc6428929a08b604b6ca

SHA256
184cd78241dbf07853e246caea9c679c4752ff6e7110d3567bb48e696d1a0380

SHA512
716612191bf42c579cc6ecf624e943de61413cf97836bd028fe770915547c42b50d81a35951a2c579c7f48e084a333fcd09511d3194e0a1c4b1de848027e9da2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
32e1b51b3b734a08c1d3db92db66890e

SHA1
54cf8d8b9ce4cf51bdd537b56d98166386ea9ee5

SHA256
943714c7d6cc9f35cec240592791400b92a2b1345277680a19b1b0969d9ddfbf

SHA512
8f3b496a32ce40e36912445015d62f0567144bbb03af0ac7b84c96d6c130c35e884423b5918aaad9269af62fc3f4a8d3169d42d1680f8f2a1dd8a67d716bd0e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b79f814a2e3760abe723dbc81b88301e

SHA1
1295f310fb2ae29f89a17b495cd22db414f5f222

SHA256
7dd3e81c8866f7ee42a4152a69d83329798222d1f0852e9334d3242853567ff6

SHA512
1d6afeabafb2cab1564be678980aad6790defb685f3cc355eaca193f67af0472b0b1095e3d14b816f8bd0313921cd894e059c13d9a100db925ac24abd0e23148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
19acb6653c4663150d36ad98d644df78

SHA1
9ecf7f8d26757f9665d4d19f61fc888e5b95f8dc

SHA256
5c7d93f2abcd1d261ed1042ae26dca6172a56a361fda814b9a0d184822725655

SHA512
61671c859d5a2b06409ff01f908df19c4c63b945339074c75d268135c13471c4706a27fa85981eb3d3d711d7d3f1bf5ecf8ff4a8d2b37ea112c4845f5eaa6ff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit