1fa46c0210edb585455e915bcee056d98042b03f1e2d26c9b4fc590f1278611b

Analysis

max time kernel
149s
max time network
140s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
01-02-2024 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Portfolio/index.html
Size

35KB
MD5

1114d7201f5f9b8e3399634edc2b1226
SHA1

eb4005044979bdb818ab889504f47f1c7448f633
SHA256

0e7fc29bdb9d43a05cd6c0e9b490295fbb1584a4168769d27be3da6c31f33b81
SHA512

08fb0848efd1caeb2f40b62785e6380abac67aa8e525f11bb3bcfddc9f686dee7750e512667e5c1b841d7de4741d157ce342f15bf573dcf907796bde1ee673cd
SSDEEP

384:6g9tUOOOncOOOgWGO5X7QlhPCog1BfbEZrpS7LiUiOi+9e:6g9tUOOOncOOOx+rgiUiOi+9e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133512843948965570"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2924 chrome.exe
2924 chrome.exe
2604 chrome.exe
2604 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

2924 chrome.exe
2924 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2924 wrote to memory of 4828	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4828	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4072	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4636	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4636	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3112	2924	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Portfolio\index.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0x7c,0x10c,0x7ffc30ad9758,0x7ffc30ad9768,0x7ffc30ad9778
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1476 --field-trial-handle=1796,i,17239753011727828831,18171435195357189169,131072 /prefetch:2
2⤵
PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 --field-trial-handle=1796,i,17239753011727828831,18171435195357189169,131072 /prefetch:8
2⤵
PID:3112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1796,i,17239753011727828831,18171435195357189169,131072 /prefetch:1
2⤵
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1796,i,17239753011727828831,18171435195357189169,131072 /prefetch:1
2⤵
PID:2888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1796,i,17239753011727828831,18171435195357189169,131072 /prefetch:8
2⤵
PID:4636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1796,i,17239753011727828831,18171435195357189169,131072 /prefetch:8
2⤵
PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1796,i,17239753011727828831,18171435195357189169,131072 /prefetch:8
2⤵
PID:2416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1796,i,17239753011727828831,18171435195357189169,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2604

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2980

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
b6c7d38f42f080c4d05c7901368577bc

SHA1
cc0a1df1f0732e2363eeee07028bea6fe7338eda

SHA256
399b08d275694351c6376d18018ee98d709f181ed5b4f72163623e4cc0923be0

SHA512
70b3b389ab821aca6cc5ad4e7ef12bde496398b357f20e88783eb5af14f9d99b04be32adba3b62dd6d55cdbe7367690d8a84f200050ad6095932feadfb5fb836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
537B

MD5
987a0e368528b22840017eaa4918333b

SHA1
0b4244e580dac591fe1f1185dfd8ce1713a6b344

SHA256
2706ee567873f269537b39147f1aab9c855ea6683e4177c48b06ffe36f63da71

SHA512
ca8ab9e90998a2d2485d2feed825c4ea92a50caa2a6069793dcbe6bf93c6b83a7924a8420da8f913f7cf73ee79f2952f901fe28baabb3e7d70519a15289ed8ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
219546bbab7639e3d7ae857e22482f75

SHA1
0f6856d19379c85397504c3fabf28d916fb02b33

SHA256
930b4e610ba7d256f4e94f582a2ba0170b087b3c977f37085072f97e9e1f65d8

SHA512
683bec443c21055b0bec9e4f79738f8650793f421e5ca3af9b63797d47958f589338beec2628f12b7293bf55aa78f539a0abb46ba5140aa2308ec16a8299f9ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
94a52e82ccb8a744328a8b1c51860da3

SHA1
b466d3b4726f8ea68d8a222866ce9b44f1753909

SHA256
ea684102b95ba7855acee1f6b8d4a5c8831d69dee86c7867e3a737b468f98406

SHA512
e73133c109314434de1856ecdeadaf95e37c1a24d12260906950f6e8b318f329a50f6714671db90b8fe809a1d1fc3a2c5134f0929dc385bc0bb39ea414ca077d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
a0e5232c3b3b6bb834b5140d56a5b207

SHA1
4b1e1439da6b352e06b1c65382de2bfc7e72445f

SHA256
cf1275edda8e774199d1624bdc6c07b9cb2e312fe233ed5dc0fb1c10b114fedc

SHA512
ba69b62e95e0a0db981110c6d367c6794e6d3ab3a2d98cdf573dab592c4861b5fdf3cc02a2052ffd8934bb2d8375bd453074270abb9b8325a4819d2d147052da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2924_LMNSCPGJNVFDHUZJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit