17a507cce4066c4be7db53d64d9a9e11dfecfd4f2411393690506e591b5895cd

Analysis

max time kernel
149s
max time network
158s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
14-02-2024 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7z2401-x64.exe
Size

1.5MB
MD5

de644b4e1086f1315c422f359133543b
SHA1

54be86d121879b0e5d86604297c57a926d665fa8
SHA256

17a507cce4066c4be7db53d64d9a9e11dfecfd4f2411393690506e591b5895cd
SHA512

714d41254352d91834a4b648d613e9b4452b93b097b5781ec5bf3ec7c310a489d3a1c409b2f0a6946822b96f6943b579910d26a5f4324b320d485e856dbdcb1a
SSDEEP

49152:8yEuRNRgYQYk6tC0tkaNuiXatTQY7quUncuTVyvn65:8yEoL7tCzlqLcuBz5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133523889481470190"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe
4688	chrome.exe
4688	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 4284	2200	chrome.exe	80
PID 2200 wrote to memory of 4284	2200	chrome.exe	80
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4156	2200	chrome.exe	82
PID 2200 wrote to memory of 4524	2200	chrome.exe	87
PID 2200 wrote to memory of 4524	2200	chrome.exe	87
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83
PID 2200 wrote to memory of 1904	2200	chrome.exe	83

C:\Users\Admin\AppData\Local\Temp\7z2401-x64.exe
"C:\Users\Admin\AppData\Local\Temp\7z2401-x64.exe"
1⤵
PID:4808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc6b219758,0x7ffc6b219768,0x7ffc6b219778
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1704,i,13603413541626641114,3441186538811172524,131072 /prefetch:2
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1704,i,13603413541626641114,3441186538811172524,131072 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1704,i,13603413541626641114,3441186538811172524,131072 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1704,i,13603413541626641114,3441186538811172524,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1704,i,13603413541626641114,3441186538811172524,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4516 --field-trial-handle=1704,i,13603413541626641114,3441186538811172524,131072 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1704,i,13603413541626641114,3441186538811172524,131072 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5068 --field-trial-handle=1704,i,13603413541626641114,3441186538811172524,131072 /prefetch:8
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1704,i,13603413541626641114,3441186538811172524,131072 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1704,i,13603413541626641114,3441186538811172524,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4c5308ee-5bbe-4966-a990-994e968f1b97.tmp

Filesize
6KB

MD5
f19c8e4dde548611dd3709a6436fc9c1

SHA1
24ac2ce484247892dfec2e5290b906bbf1003031

SHA256
e800a90891f51f4ec0a4e9568a9aaeed16b5c43322a571aba8f97c583410564a

SHA512
95ab89c2e404b121b612c8a90aacc85bd220a54a7b7efa19ed7cbc69476bc621b639b11f99372565bdc614c1865590b462e5a0a1874efb5a931b407808365825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5a6590ad477349e9d0c581edc37f5ceb

SHA1
8b00efcd91f5f947bca1a79a45fbfb7c08bbe255

SHA256
3d6f8984f9d11d65e0bff01807b4eca6acbfb73412b9260af80bf9522cff6b0e

SHA512
23e402c659396ba46cfb3ac1eda67c0c5b2137ebe6ddc02409b545bd7d5c0d39f8d0b868d703f568e134748fa1ccd86dc015f7df4f0909d5814230b8b189fd06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d96e6b2eb101e5a0f8746b4dcfdab1fd

SHA1
a8cb93c2b22f7872ded4af8f68c7e50cddb12825

SHA256
d0d67e6d3c5ccb7c14f5ca60cc34e23791598b99acef278a0d60c90306195ffc

SHA512
eaaa32ecaf350854c3d21a36053f80e36950d0a8d06b51ca6e39727b57cee75c7b671959504c62db22bef2356297f3ea42557e2b48200fe0f5c197b728f42cdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
928e2cbc09c59db1250e6de6b73d291b

SHA1
724c52107ac11c1455cad36dfe12ef39744ef252

SHA256
c8a904872ae1d7c2001515848675db2b275e9899ed982441a352161da9ab7897

SHA512
7361f059aacee3e97adb5a84e31783d592537407a9005d9841606c110b718606a1b75bd5c574e37377b8011b5c401ef085992d981503197712ad11459a986e9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e2e13ad6-8d1d-45b2-8225-3b91c7f7dd7f.tmp

Filesize
6KB

MD5
0a9311719a18999ab0b59433347b7ba9

SHA1
46862fac9feb15ad7bf00847123f6606f32b9056

SHA256
6b30d85adf62139b06395638a953aba3b40b22867694111de29552b482629b46

SHA512
c50164e6791cf2b0f6eada257c6e38f06e3fef48d9b1731934152e43cde754832c51e8c68f6b307771eea2749032b86a734f15c516a5779b25f503c58e807ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
0476d12c74aeac98ebd84330e75f4dfc

SHA1
8e3c6881a8fda71a129eb597c3f521499ff94414

SHA256
2666ef58d07a6eed52ac5d468235ae9b78903b6e76ea9d35e47d6e6f5063f35e

SHA512
8fa86d34f9415e0bae2ba279cdff012d96429d57f2d0a992eebba4945f666dd8d3a07193a188c0f7bac1a5463fb0fe70002f61ab8dfd9a05ae4f1a5171d074d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit