hxxps://google[.]com

Analysis

max time kernel
1802s
max time network
1694s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133513720708419686"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4268	chrome.exe
4268	chrome.exe
2780	chrome.exe
2780	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 3984	4268	chrome.exe	83
PID 4268 wrote to memory of 3984	4268	chrome.exe	83
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 3476	4268	chrome.exe	89
PID 4268 wrote to memory of 2092	4268	chrome.exe	85
PID 4268 wrote to memory of 2092	4268	chrome.exe	85
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86
PID 4268 wrote to memory of 404	4268	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa40c79758,0x7ffa40c79768,0x7ffa40c79778
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1864,i,3920433529181161155,18082916308061072425,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 --field-trial-handle=1864,i,3920433529181161155,18082916308061072425,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1864,i,3920433529181161155,18082916308061072425,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1864,i,3920433529181161155,18082916308061072425,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1864,i,3920433529181161155,18082916308061072425,131072 /prefetch:2
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1864,i,3920433529181161155,18082916308061072425,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1864,i,3920433529181161155,18082916308061072425,131072 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3144 --field-trial-handle=1864,i,3920433529181161155,18082916308061072425,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2668 --field-trial-handle=1864,i,3920433529181161155,18082916308061072425,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2780

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
438059d388ae71977f321497a9f8c571

SHA1
2a54b7b97e7e0e9f6791798e09ac62e64ec42de5

SHA256
38234be2e8a55afdd05dc6b414437348bc5f7f29f61df5b9e0b8835d7e1f521c

SHA512
7dc7e4bd4660886c005ab40f79fbf1d4076d77d136956f9a791d82a2445a535d7e81ce901c12fe642d84926f961cb1f95028714bb5688d61bdc5413366148073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bebc496a124db6c6be945f86128a520d

SHA1
779052d4d99cfbede084089a49894b7f92270bd0

SHA256
d515b7c6e9fe1c8512f1f2044c82e361edc1636ac8b69ceb5ad0d8cd579974f9

SHA512
8343671d7d6d1494e0172e9ec41cf8da6c594102723a46641b078a08a7ad641eef3a32d1be8aa1dcaabc5d5e4b609e027d3b87cfa01b760e15a2d16f4872fc01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8da8c9ca2c9a0c16ae4d025daab64c57

SHA1
c6ef3948143ba8226008f74fb6be6c3fc6c738f4

SHA256
8e92db54d770f547e98d97b5bf65038aa5a7e2ccd5c5a91753b7361009620875

SHA512
cff51631d2add00af02b17eb03ffb2478fda1f53f503477d9b13f6acbdce29472f808d91a4cdc0c281a5d016e7f3f5eccc76923fc925254cb424a796713bf1a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d0d2a2aeb666f9b98a051aa2ad7dcf43

SHA1
d341ccaffd5180909d3ecee82e98626e6513a97c

SHA256
60b86ac78cb76b6cc8211f03e86f19df8303968854d283cfa9e017ed3cd21312

SHA512
4721c997949c12ca15ad0c066d55bac7bd728674fa96654c25ac015d94b8206f96becb843c15a1540d8f6ebc8e66de1d4fc54c88ae6df0a558eff15d33f21907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
541bb124cb199c4f96588e1df2e58287

SHA1
9aa21c91fdf8973fadc25ce7ab3280bd299a6e7f

SHA256
b5ec8b48ead131ab092182e4568a6e96042bfdd7770b44d046298cf54b8c36cd

SHA512
762c402b77528f0584f355b34880e635e6a86ee2ea19738e0637b95045f4515950f521141f0f3e9ed0a9b2eb51a5004497916436837af0b3eabfe8c24772e1e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fe426b6ab6819bc73886a614bc3db2f6

SHA1
54184647052dd6c7a40406eb0e090434832d0d08

SHA256
381a51d0c874a771a4dac3977bc25f8f96a6c700b7debf928ad3f11d65ed3f64

SHA512
072729514941a90f689629319b661d94aa077cd9c0bd93ea0aaa057a19c74a432988750f6173cc05084592a897044c03b91e43b54fc2bb9c136de1244bb1920a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
8b582b5ae37a9b6f71fa2707364fac46

SHA1
5d6933f9ade3436fb335b86de4eb404239b8291f

SHA256
bacbc57e1723296ed823b4ed46c9b592c72a05c1d105ff7f6bb7062aead469cb

SHA512
591bc937d7c5d47c4be8750ce0e9b51406f080c69c9fa78ef135b3e8043df8cb77c47705f3f750811af979d3a13a028c4a68591a8843837b14a68a375a3d3423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit