29e1ba65a6fa7733e25c9756f7da0ff6a0f405a9285854808e1f9e2ffa19d1e2

Analysis

max time kernel
1800s
max time network
1689s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
23/02/2024, 03:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

unsupported.html
Size

347KB
MD5

b26cab8a287607ad7405f84172b043df
SHA1

f2636f1c3917c55c81d2f12bf6c100b43eb8bf07
SHA256

29e1ba65a6fa7733e25c9756f7da0ff6a0f405a9285854808e1f9e2ffa19d1e2
SHA512

287df50e3f7fe2005b0528be647edf9069796c11da9084eab7c7020ec854085a8337b8d3d64cfbd95ed2ab59361dbce5bbed42d61ed9f55043fbbf6183b413f0
SSDEEP

6144:J6kf3oCwQISNt1/X9bgM123gIfg28r5f2f73ERz6:ngCt9bgM1njr8z3ERz6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531340739639986"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3612	chrome.exe
3612	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 1924	3612	chrome.exe	15
PID 3612 wrote to memory of 1924	3612	chrome.exe	15
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 4116	3612	chrome.exe	84
PID 3612 wrote to memory of 2088	3612	chrome.exe	83
PID 3612 wrote to memory of 2088	3612	chrome.exe	83
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85
PID 3612 wrote to memory of 1228	3612	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\unsupported.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd58b29758,0x7ffd58b29768,0x7ffd58b29778
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1784,i,1710266438054956840,16115635202917250818,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1784,i,1710266438054956840,16115635202917250818,131072 /prefetch:2
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1784,i,1710266438054956840,16115635202917250818,131072 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1784,i,1710266438054956840,16115635202917250818,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1784,i,1710266438054956840,16115635202917250818,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1784,i,1710266438054956840,16115635202917250818,131072 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1784,i,1710266438054956840,16115635202917250818,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1784,i,1710266438054956840,16115635202917250818,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1784,i,1710266438054956840,16115635202917250818,131072 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2600 --field-trial-handle=1784,i,1710266438054956840,16115635202917250818,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1504bee346d1921720d3d63da1608713

SHA1
49cb50647ab811a05fbfbdfdee35d66af7a52a54

SHA256
1e27cd0ca919781f9b717eb7bf36a33e242c5e077ecd02f6e4779ff43fc1ec23

SHA512
43386b7e63ac1b311016331c25e8903ca280434a7007d7b054d5cb0684bd1d47e760bb5e35c47e69d02db6293db76bdfe9932780a813eca5fcb6519eaa2ed6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
14cd30c01df1911acf2ab4d683a8fcc3

SHA1
e789e6a84c2582d8dc90a5658edb4a3579547915

SHA256
609b3e58a1ac3a59e4794bc98d2702bee0bdf26b6a71638ae5f3ab4af9e27690

SHA512
f50a798db408af3ff0bb61b2f13acf3ad75672f7af75207fd297eed8b3b5503c276ebf98cb6e1776bdb0df4872cd7577dea2324bbd5b673d8c3008a3b0285213

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a960657dfb16412246ee893d3380ba8a

SHA1
899b6eeeae76461297d2cb250ac9fc27b02fca47

SHA256
0d9e19fb2cae92702eb7f33ea6fa69e3baaeafcff5db5076cf81e3a4af469c7e

SHA512
584ca8fce92b4e3a49f08aec58a1bac0cb03e1e6dbd62a8da8ebf4514aa4d4c83c28db973fa636dc1c2b87c11b1765a30aa31c5527ba342949056947e7e7a017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
456b0cd7da90535695948c4148d7c131

SHA1
b598c5b6a11e7a0633eea41d94faef461d02b143

SHA256
0483ba048afe1a5d1e1dbdd8c8731d486cfdd8103ec24d2cb8b37e0462d247eb

SHA512
9583f705b962e92a0d2799e11eaa8377738853db212364d3c37de3afa85941e35438a97acbc510c26edcda53f17f0455a86f166d0ee534e8e4bca53566d963c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
7469328cbddb3ccd6c146005ce31e626

SHA1
31e323f96e58d9cf32d2d24787900bdf6d6fde1d

SHA256
657046e2a1f2ff5368d994255fb06e0e22908f8a5b0645c8c6e30f51f21d79d4

SHA512
c6ee37aa8ce2b0851a38163d9cfc0db3995500da0fe162b8366a68418546809c021b1f629e5d83749a6036e7d6385f751947ea78a9a99c3f54a0a5f720dfb882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
2a50c8c02ffd7c9f59b2ecd88c3aa897

SHA1
4b37c2896a984b54a926409ca7555d885b0ecd5d

SHA256
fdefbfd3453fe2f1d7610236aedcfc6513e9c17f8f13d7e5a4a7457be723b57c

SHA512
93c039eabe3be25a583aeba0dbe308192a84f163083b7162b38cab8db72c1a4bdf4e61928cf8909e3d391f1f2fac5f4806a31f728bb58a82177555e1a09cb997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
674de0793c0743b322b7860efa69b529

SHA1
56d0d4fb1c412de9fca1a128e754901fbd9cfe6b

SHA256
e8fc1fb5f3251b70cefcc082c7308b2a0d9cc978e846df6970b35bc52109b5ce

SHA512
f0c30b575891c13b5333cb7821175a1e53907232930cb073386fd3f74f98d5003fd3c1a8a646691c5ed3e92072dd30a70ca2269208e2986fac09c183493db743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit