9800732090589271a1e0a7b6c53b05c9a366655e8ab4f9e3d7c5a838f943c376

Analysis

max time kernel
64s
max time network
62s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
19/02/2024, 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

message.html
Size

819KB
MD5

a4ec5c3ec1f4d7159a709e3989701320
SHA1

9aadafbfc5779477796d87252a458971870788b5
SHA256

9800732090589271a1e0a7b6c53b05c9a366655e8ab4f9e3d7c5a838f943c376
SHA512

1a1e3fc95e9ffb2939a764456f637235fe628dfb8157c89cfabe839a3932539a8fee84d87036a46823197a64cff507578cf27c9659df47f4ff06ea796115de53
SSDEEP

6144:aSrPGb6pFz+J6dCcfOMcXLtEGYKM29+9oPyv1LIpc1JRqSYL:0EGd79UoPyOL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528568465583385"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
776	chrome.exe
776	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe
Token: SeShutdownPrivilege	776	chrome.exe
Token: SeCreatePagefilePrivilege	776	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe
776	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 776 wrote to memory of 3572	776	chrome.exe	74
PID 776 wrote to memory of 3572	776	chrome.exe	74
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 4376	776	chrome.exe	77
PID 776 wrote to memory of 2360	776	chrome.exe	76
PID 776 wrote to memory of 2360	776	chrome.exe	76
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78
PID 776 wrote to memory of 1736	776	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\message.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff86b4a9758,0x7ff86b4a9768,0x7ff86b4a9778
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1736,i,13616632343067445434,17879714691003868995,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1736,i,13616632343067445434,17879714691003868995,131072 /prefetch:2
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1736,i,13616632343067445434,17879714691003868995,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1736,i,13616632343067445434,17879714691003868995,131072 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1736,i,13616632343067445434,17879714691003868995,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1736,i,13616632343067445434,17879714691003868995,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=1736,i,13616632343067445434,17879714691003868995,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4548 --field-trial-handle=1736,i,13616632343067445434,17879714691003868995,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4540 --field-trial-handle=1736,i,13616632343067445434,17879714691003868995,131072 /prefetch:1
  2⤵
  PID:3276

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
604bf1c8b5aacdfd628a666d30b898d8

SHA1
ff0d2fe25121d8a26d844d2fa825a50e338aa7ac

SHA256
b8c4a79724f310030ac24a759d9931e2337ecb216dba36ba51751db20800afdb

SHA512
6757144aef1c0c042b28e618de90037fd9f2223f0a8b373687692081a7ac649efd86bf9df9c52541a4588fc9ae47ae8ba8ecb9f3701727aa7ff153456e3d0891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
16335f0d0d97e737685aaa3ef693705f

SHA1
fdfc861164af5757436a6c75b62fcc1acccba9e7

SHA256
7c91dd529ea193f0d4f28c1903a593ba6933e413cde1129f0a5859020ae194f2

SHA512
d67939132c3441fc51490e0a1ebaf66312f14906dd53c267a680cd256010e611183471fe5b6c69b6a230be206c8965fddb790b2f7d634e673a079e4a909f67ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7bbdbc7cbd63b253578a0afe0ba31821

SHA1
ec3b65a4ec9b225dd17401bbf3e52c3d32a35101

SHA256
f4f078021e94b1a0e5482ac4ccd953bb52953e2f9df0b5dbdd3a58503e11b554

SHA512
4e83d8bd97ebc74b8bd96b379dff951c87d7ee882ece44a1d8115f060b8d25bdf791b2968c4d088269eda8837398608bbf164ac4f1c5b6797ba43eb7959b1b24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b29df97b33c5141076afb623f681be29

SHA1
4d9add6d1f4129d3eb5489c0996f44b0b0f77669

SHA256
294dbf10b93413ca274127b3aaae785b2b998714feac8dc0c463e20765e84537

SHA512
dc1cab709661217f0b10b22cbc68621a8091c2f045b98f886e056ba7879b72d5c0c28fac326d525ea8136f4383113d3e38598510b81079e657367dffb1c0f51d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
271ba3f8a3aed72c5749329ad641bdfd

SHA1
4e9d91aba034ab3d5b603bbe224bdd89594000d5

SHA256
288a4fbe8b60e79361e31962f149e46b74921d3d32c9132026254c0142e99adc

SHA512
c5ecb6a384d6c654759147fcd490453b1b5b1a9a90655fa62b16f05046a58c35706a1f5621be51920ff837d35b06f6c2b942c1cc8f59143506b83db25585ab38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit