a9cfd80a0f230b1247e315fab957635b4af80b0b3e1ce88553abfd06b0ab91b5

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

81KB
MD5

54072ef74c38cd1b8a1f92771927aacb
SHA1

57e3d5880ce6b1d43ea5e812723fdeb4fb918d3d
SHA256

a9cfd80a0f230b1247e315fab957635b4af80b0b3e1ce88553abfd06b0ab91b5
SHA512

b04090e33338d21a5773d373b735397a28e6091d9bbf667fa9e3274f285406790c4bee07956e92d95e922beea746593a4ce1f31efc2a15ada6cedbd9c3a3c5ed
SSDEEP

768:AqjuBvwgQ4mTuldhIRe7pTlTUlKVk2iAgbiXkUgsq+JgwiVfx:ZqBvtm2dyRe7pTlTiFU1Ofx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133536380333668407"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe
3100	chrome.exe
3100	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 2004	4812	chrome.exe	87
PID 4812 wrote to memory of 2004	4812	chrome.exe	87
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4632	4812	chrome.exe	91
PID 4812 wrote to memory of 4040	4812	chrome.exe	92
PID 4812 wrote to memory of 4040	4812	chrome.exe	92
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93
PID 4812 wrote to memory of 4996	4812	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3d2c9758,0x7fff3d2c9768,0x7fff3d2c9778
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1856,i,13686326558397449129,6707501548025372757,131072 /prefetch:2
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1856,i,13686326558397449129,6707501548025372757,131072 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1856,i,13686326558397449129,6707501548025372757,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1856,i,13686326558397449129,6707501548025372757,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1856,i,13686326558397449129,6707501548025372757,131072 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1856,i,13686326558397449129,6707501548025372757,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1856,i,13686326558397449129,6707501548025372757,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2436 --field-trial-handle=1856,i,13686326558397449129,6707501548025372757,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3100

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c0f4f1472a74f9059b748315cfaad9cf

SHA1
98ff79353e0ef2f565833fec1b98844c9e2db624

SHA256
4985a114d485d44824f34a9cbb2cb5a83f99f0a4146e1468df121fa52ad3ae8c

SHA512
95f7334590fe365186242d9e7d985ec7bb8445ff037766e70ad773fb644f4dbbdb5aaf93b9e4d45b9fa6ebbe0be6156ba37029f061099696539229607cc9686c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
870B

MD5
9a1d5b698ce1fb1894e3ff5b1999b33e

SHA1
d1e8c92268842676b4a9cbc224e77b91b2d81b36

SHA256
3a68fc52633e8660bdf2baa49009c81f1444fd55c37274392059ef860e2b7184

SHA512
8d2bc436a7320b6aa2b4fb5d6ee614a32dc67c91570bf049e265928a5b296796ee70a62ad8101d93442ec4168e57cbcc8121d8b578f4455eb21e84497783ada5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a2fb6f3e4645a78792f0927e275370b8

SHA1
6314af691ac79a6932a578305b846a53aa02f0f9

SHA256
e0318dd1dbc2e13cf35b747781b834ac545f196b746f20c6ac2d22e05035464e

SHA512
753234fe8b0867a0a7624f0c37427552f57f4c12e7c816007cc6e2ea9f0942eee946350aebbbb214e41141f2b0e486baafa1f9055475c7820457417c18577c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5926807669bc1c845c058b9d85eb9447

SHA1
4075c90e9fd7db81585737f857c7bf5275dc3ffb

SHA256
230fab0c2766036ca27157e891d5407f3dc04a1db4a50e3e379cb7a8a92b1da7

SHA512
bfd60e543b7cec38f2bdcc13d4d7e5115e84d94da8ca1b7785e8f5ccf775307566d04bb1db1768045c3afab9db8f6150acca5ab96052ad8035ec78aacfecd12a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
5e42ecd2d43a76125fbd4caa821a1c4a

SHA1
af5f417da83947f683fd320b4c92fbb11b89ab3e

SHA256
c203a5f557715d800376f43d71e66d5e064aa58191a70dbb945c2987a6d27149

SHA512
faa159f935c122ce774ca74935305259957a70a2353d17a33fc70e86d5161304782f5df7bf4dbd1fb132eef7b52ecee06b8a42d14ad4783f10260cc5c7c9f09c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit