ef16addb4df05233277a29fdd00fb314a6ebb54d755ad63b6309a009e08b2721

Analysis

max time kernel
131s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 17:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

188KB
MD5

25d4e6183abbece5811037a513dd6ec0
SHA1

a2dd623fb0339bca5c5ce0775ac995fc2a074476
SHA256

ef16addb4df05233277a29fdd00fb314a6ebb54d755ad63b6309a009e08b2721
SHA512

885102a275a81de6f664d6e104a9ac3de97b763ff02061f47c747daa3885950ea59a6a1bf69353dc1328a6d4c85dd16bbe88dcbc22808e37c7b430cd567b0b60
SSDEEP

3072:A+86WghQdxomjwe78c5yDf7YPBCn522xl3yqDpSqFvr+zqXMpP73Qq4qcuIsnYdY:A+VWghQdxomjwe78c5yDf7YPBCn522xS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 45 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 2804	1516	chrome.exe	36
PID 1516 wrote to memory of 2804	1516	chrome.exe	36
PID 1516 wrote to memory of 2804	1516	chrome.exe	36
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2780	1516	chrome.exe	37
PID 1516 wrote to memory of 2812	1516	chrome.exe	38
PID 1516 wrote to memory of 2812	1516	chrome.exe	38
PID 1516 wrote to memory of 2812	1516	chrome.exe	38

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5f79758,0x7fef5f79768,0x7fef5f79778
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1312,i,16043915012757602302,17055710452411861783,131072 /prefetch:2
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1368 --field-trial-handle=1312,i,16043915012757602302,17055710452411861783,131072 /prefetch:8
  2⤵
  PID:2812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=2768 --field-trial-handle=1304,i,4226499634312775448,9018463100872487837,131072 /prefetch:1
1⤵
PID:2908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1008 --field-trial-handle=1304,i,4226499634312775448,9018463100872487837,131072 /prefetch:2
1⤵
PID:2288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --mojo-platform-channel-handle=3428 --field-trial-handle=1304,i,4226499634312775448,9018463100872487837,131072 /prefetch:1
1⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4264 --field-trial-handle=1304,i,4226499634312775448,9018463100872487837,131072 /prefetch:8
1⤵
PID:1356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\593e99d5-f352-44ef-b2e2-924c952b5e94.tmp

Filesize
114KB

MD5
d2448f19b019cb9f3ac7cb3c07139aec

SHA1
4a8009cd956807aeae4af29bd00b42f913330dee

SHA256
14f34f7d4d7fbf48ed40904650e76fa6ceecfa65ecd3a7a814db3f85f07f45ac

SHA512
a467a79b5f56da023172fe06126c174d9b2308e80f1a1972de85246f1335b8acc19acfbd270f34e32ed2c308ebd341bf9bb16385ce0362d25f154a94e8334c1e

Download Submit