hxxps://www[.]google[.]com

Resubmissions

02/02/2024, 00:48

240202-a529jsccbp 1

02/02/2024, 00:48

240202-a5t8yaccbj 1

02/02/2024, 00:45

240202-a3333acber 1

Analysis

max time kernel
1799s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133513088662461140"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
3048	chrome.exe
3048	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4232 wrote to memory of 540	4232	chrome.exe	61
PID 4232 wrote to memory of 540	4232	chrome.exe	61
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 4372	4232	chrome.exe	86
PID 4232 wrote to memory of 1960	4232	chrome.exe	88
PID 4232 wrote to memory of 1960	4232	chrome.exe	88
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87
PID 4232 wrote to memory of 2032	4232	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd7bc9758,0x7ffcd7bc9768,0x7ffcd7bc9778
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1740,i,15318174298625741417,14607829123468409529,131072 /prefetch:2
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1740,i,15318174298625741417,14607829123468409529,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1740,i,15318174298625741417,14607829123468409529,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1740,i,15318174298625741417,14607829123468409529,131072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1740,i,15318174298625741417,14607829123468409529,131072 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=1740,i,15318174298625741417,14607829123468409529,131072 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 --field-trial-handle=1740,i,15318174298625741417,14607829123468409529,131072 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1740,i,15318174298625741417,14607829123468409529,131072 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 --field-trial-handle=1740,i,15318174298625741417,14607829123468409529,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
2d3060a8d1670cf8bf6366be7b78f940

SHA1
4c4de2b4181e998282d0fe21f44df5e209b45e86

SHA256
597e81934a0d0305f68370829209435df6300ffae63b6515efb30ed0e1c6c972

SHA512
0e9bc8556103a8d02067f1d05af7d7f4748139b1bf49f952f4abe679f40e9e05d4a758b1f5993a1478e42a55e63902c039cc3ea3414c27297c938f872ee6f25d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
53b3bb15fc3fbcd8c05b0e349aed6372

SHA1
acd787a4f49dda93fab71582670b4eb56a307376

SHA256
c18f77b627f85e95ba7ac1917da4fc84a3d0b852e98cd24286cc4ea959cab8af

SHA512
730820d4c78efb24234a16ee4079b94f6abb1c306038ba1539aa88398da6489adcc46aca0bf0743111b818722d3993346edd3e8b0f506ca7fab22f6351cbdfdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4bc31d48fb9ea0d4d49c8c204f371210

SHA1
2f2d347d368800f57fa98d6b2baacdcbbe7ef408

SHA256
9de05110290bbb382068429a48f1227895e05f2918201ecbe9eb1c2725bb961a

SHA512
5804db224e403fdf3f6f1d3c1f45b295c75c73f0503d377f5f433bf77424c92f3c99b67d83d09933f1161450bba627d2b93d31035587baa6ff18e53374fa19d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
41d21fcc5fd85636196c20433754f052

SHA1
40b42aa68375727ef76a4cc92b26c1f7fd82f4dd

SHA256
63fadc594856be7b90e993db88d3634b943bf4fd87d700594bfec72fa19fb5ae

SHA512
f8f2b4104e553da36d825fd838f77cb29421a5651d545ce667b1d598f9f9953b530ed3813e5584fb4716e6410234de31991e1edc3d080f26591a574155141b42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
9b07a82858b50b146196134044473d93

SHA1
a25851225c8aeee09d5e41f141fdcae5f87038d7

SHA256
746e856ce1707d79d41562f79a729e5f7bb90cf852adebdcf568c6e476467aeb

SHA512
e682834b413bdf2780a4b4800e41af13975d67e20c49360ca92f8e8421cb5ae68205fa4f2e44cea5700339116ed48cd6f30927e7f07557d714306a5540815413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cb2d24bb93170c5e4db056914fd0c532

SHA1
61fb8b7d82c76bbb28350a709322682ed4944c6d

SHA256
47e2a4a4b0f9e3b341666e5772572ac0f60eb3c2ebb1fdc6ae094620d8aa5e49

SHA512
8092aae2b35beecf18aa64a754f01f026b929418a8d6c71393c93e5c4e082dcaa44fe63c3586b41db0e38177ed4c2a74758912e02ccd5f529518b3b31332de7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
c161d50fb92ab02e98e871e14a35e707

SHA1
12b2e8d4b894b212f79f5d8e11fd2f0e0134e7e7

SHA256
ab820b0863709240f73ff1420b40254956e582ce83c4f64bf57cc31e152cd8ed

SHA512
74cad2ff15f8aad050f7a7ed82cc72d4846d794fe24d746a0bf447c6655ca63383e720aa32cbff60077b4faa318767470cd9722a8e546d469319870d2566f62b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit