Analysis

max time kernel: 716s
max time network: 1734s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 19-02-2024 16:00

Static task: static1

Behavioral task: behavioral1
  Sample: watch.html
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: watch.html
  Resource: win10v2004-20231215-en
General

Target: watch.html
Size: 824KB
MD5: 327b40f90f5675edb6231cc5b6f398d9
SHA1: 8a7358f20ade5eac856d301aef55c1bb4f971d1d
SHA256: b3319138d8882fadfa3eacefdf56a822290cc82947a13ec53418274b49b3318e
SHA512: 5338912eb64faea95b8ff209ea438da6c6432dc350b7757c2914304fe580b8e1753b6c55f77c48f85d72cb2f88d482dcb32ca52eab37dca51a803776205cc711
SSDEEP: 12288:5qW0WcWVWcWvW/WWWrTEzq3wcVq3q/xw7f01L9:5Qqcz
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  2108  chrome.exe  (all 4 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                 pid   Process
  Token: SeShutdownPrivilege  2108  chrome.exe  (all 64 entries)

Suspicious use of FindShellTrayWindow (34 IoCs)
  pid   Process
  2108  chrome.exe  (all 34 entries)

Suspicious use of SendNotifyMessage (32 IoCs)
  pid   Process
  2108  chrome.exe  (all 32 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries are writes by PID 2108 (chrome.exe) into one of four child processes:
  description                       pid   Process     procid_target
  PID 2108 wrote to memory of 2496  2108  chrome.exe  28
  PID 2108 wrote to memory of 2132  2108  chrome.exe  30
  PID 2108 wrote to memory of 2332  2108  chrome.exe  31
  PID 2108 wrote to memory of 2860  2108  chrome.exe  32
Processes

PID 2108  C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\watch.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 2496  C:\Program Files\Google\Chrome\Application\chrome.exe  (child of 2108)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7a39758,0x7fef7a39768,0x7fef7a39778

  PID 2132  C:\Program Files\Google\Chrome\Application\chrome.exe  (child of 2108)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1212,i,12975750941586741481,7683951901746740884,131072 /prefetch:2

  PID 2332  C:\Program Files\Google\Chrome\Application\chrome.exe  (child of 2108)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 --field-trial-handle=1212,i,12975750941586741481,7683951901746740884,131072 /prefetch:8

  PID 2860  C:\Program Files\Google\Chrome\Application\chrome.exe  (child of 2108)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1212,i,12975750941586741481,7683951901746740884,131072 /prefetch:8

  PID 2732  C:\Program Files\Google\Chrome\Application\chrome.exe  (child of 2108)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1212,i,12975750941586741481,7683951901746740884,131072 /prefetch:1

  PID 2628  C:\Program Files\Google\Chrome\Application\chrome.exe  (child of 2108)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1212,i,12975750941586741481,7683951901746740884,131072 /prefetch:1

  PID 1816  C:\Program Files\Google\Chrome\Application\chrome.exe  (child of 2108)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1256 --field-trial-handle=1212,i,12975750941586741481,7683951901746740884,131072 /prefetch:2

  PID 1580  C:\Program Files\Google\Chrome\Application\chrome.exe  (child of 2108)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3192 --field-trial-handle=1212,i,12975750941586741481,7683951901746740884,131072 /prefetch:1

  PID 3060  C:\Program Files\Google\Chrome\Application\chrome.exe  (child of 2108)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1212,i,12975750941586741481,7683951901746740884,131072 /prefetch:8

PID 2748  C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads