bc6d24dfbe46960ef61d4819e08e7a3fa81b178f3382d62e491561127c6affa9

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

chiptone.html
Size

120KB
MD5

19d617bce2c8a86e74bf284f27c1d7a9
SHA1

178696b04a124398d0fd2bef200681af6f60d528
SHA256

bc6d24dfbe46960ef61d4819e08e7a3fa81b178f3382d62e491561127c6affa9
SHA512

3c9db3c7fd724c2229fe37f0dbedb77b8645fe3a2d4df9628fa18db3eea2cca0fd5988f505d2f2518a4a83ef97ad44e6930bb6122a4c50c8350174e5f5e90d8e
SSDEEP

1536:guVqTZR72L5W8AZ09Pg06tN9SIw74+ZMY6DYgVEJF1lSIbbLK4oAqHonEZZN8ISt:w9SIw74+ZMY6+r2SyAIq

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133513082972494679"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
608	chrome.exe
608	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe
Token: SeShutdownPrivilege	4708	chrome.exe
Token: SeCreatePagefilePrivilege	4708	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe
4708	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 3132	4708	chrome.exe	84
PID 4708 wrote to memory of 3132	4708	chrome.exe	84
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 2912	4708	chrome.exe	86
PID 4708 wrote to memory of 964	4708	chrome.exe	88
PID 4708 wrote to memory of 964	4708	chrome.exe	88
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87
PID 4708 wrote to memory of 5052	4708	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\chiptone.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90c689758,0x7ff90c689768,0x7ff90c689778
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1868,i,5151790888737503127,16411388741050046002,131072 /prefetch:2
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1868,i,5151790888737503127,16411388741050046002,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1868,i,5151790888737503127,16411388741050046002,131072 /prefetch:8
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1868,i,5151790888737503127,16411388741050046002,131072 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1868,i,5151790888737503127,16411388741050046002,131072 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4652 --field-trial-handle=1868,i,5151790888737503127,16411388741050046002,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4980 --field-trial-handle=1868,i,5151790888737503127,16411388741050046002,131072 /prefetch:8
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 --field-trial-handle=1868,i,5151790888737503127,16411388741050046002,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 --field-trial-handle=1868,i,5151790888737503127,16411388741050046002,131072 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1868,i,5151790888737503127,16411388741050046002,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:608

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:784

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x530 0x52c
1⤵
PID:928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a83d8b7667d9f7872fb1c80026fcf186

SHA1
535a6b19cba5d2300a6a4fa3efd27c146b58a4f5

SHA256
6281f97148c606c7be867f75aebf8398f8ddb49d897a529615d7dbb0bd36526a

SHA512
c99ba1ab5786a2b130ba6b336be9dbb0b06d507ac38df4b88be9eb43a32cc502f20d2bccd5e8eab87d561fc478c4da95ee3b11fe697ec203daebc9a18685c0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
17c1fa53e5d401abca7168836f995559

SHA1
97d6f8aea6478b50e22ee083449916de853bcb11

SHA256
80b1658f6153289d5fca1e719cca9cfc7607eb2ab027bd1ec21366364a4a64fc

SHA512
eaece13b744bd5771421adb6563fcaf6d2a0e70f1d8c25ce9ac2cc9810e307b94b2af9b0fcaa3c968efbdcff89ffb771b0986048c3ca8790c1f521febc949e18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
18234c7b216e891541584f45cea3373e

SHA1
5f2354c23cc9d4960c143507baca0e41a81b3197

SHA256
546ed4a3e71cd6861e62cf8d9c0ffa10c3eb9429c8e4d7926829a1f9ea73024b

SHA512
d476176a87600a9622bf9705e0e39ebdb27f5926aa5019def57d496c60928c391b9a35470c6a99decfab1f31fc047edc428c49e0ff8010d925e926885690518d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c13766844a42f97ea9c07e92c29b702e

SHA1
ad20df57e89d8b93ad4ae46c967bcad707109b1e

SHA256
c51e86f33d31f16df73803d63d523526401e28ef029c9c1237b5e867953a2178

SHA512
953f76672f429ed4ed78d26930e3ff1d8d9f00d9431425aa0a63153f273d02cbe063e0525316e905f7c441e6841c5322b5ecc88894f833f821c32c072cde3a18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f89e925afd369f8f9ed19ee6c9016731

SHA1
19334c47d8e66eec7b700f85245cd8f7c298f53c

SHA256
88429c27d8310a9b17e9562c3037ca223dd4db0f3b85fbd297b8b86435a63890

SHA512
6a450696482247685095cbc41f8c3b3285a4cb0aff4808844bef5560c9df3ee66a74c1eda2aa72d72f408546f43d3ce099bbb3420c2f8d5957f210a1860a0182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
ffb1e8db8ce61da5b059f6f21ae54bc0

SHA1
3d23c2ad696e3062ebef4794671669f834110923

SHA256
0da7773a140e2d17e30dc42ec7e629f84d1fb27ca24732c119aa128cf2d52ad1

SHA512
e17d811ebd15b9779150cc09bfea4778f16ec4d626b4c004563694d4c83e97d04d558cd85150246bdbfd9fbe3b5df11a05e3d9db361d52e99b6bfafb934e7ffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit