a9b0ca9cecac5d94f063c52161ff4958f8581218f47f8249635367958ab2ccc1

Analysis

max time kernel
153s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cult-of-the-lamb.html
Size

193KB
MD5

8bc9949fb89c77e9269ccc6bd19c607f
SHA1

476c50d8da56b2a61d36397b9073b2e698fa8648
SHA256

a9b0ca9cecac5d94f063c52161ff4958f8581218f47f8249635367958ab2ccc1
SHA512

c17de037321f914b39c37d3e1e7c76691487022c5e2c5784e7331039d933c9c8b80ec986b5b3be15bc51f0dd0f6e4a77a74f3c0c0c6ac5683d24b3dabde14318
SSDEEP

3072:c9rJ0tnFizHEUJ6aqXbtBva1F7VD2ar9bRXeWgTVqDtfXV8bj5MRfK9Rpu0QZBhw:c9rJ0S5iFbBLChw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133535576563936614"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
224	chrome.exe
224	chrome.exe
1972	chrome.exe
1972	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
224	chrome.exe
224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 520	224	chrome.exe	58
PID 224 wrote to memory of 520	224	chrome.exe	58
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4776	224	chrome.exe	91
PID 224 wrote to memory of 4980	224	chrome.exe	92
PID 224 wrote to memory of 4980	224	chrome.exe	92
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93
PID 224 wrote to memory of 2112	224	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\cult-of-the-lamb.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7fff85ad9758,0x7fff85ad9768,0x7fff85ad9778
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1688,i,12262212831998648471,4168472822439700446,131072 /prefetch:2
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1688,i,12262212831998648471,4168472822439700446,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1688,i,12262212831998648471,4168472822439700446,131072 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1688,i,12262212831998648471,4168472822439700446,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1688,i,12262212831998648471,4168472822439700446,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1688,i,12262212831998648471,4168472822439700446,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1688,i,12262212831998648471,4168472822439700446,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2456 --field-trial-handle=1688,i,12262212831998648471,4168472822439700446,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9e5f43191d3d86a5309e4346b05eba16

SHA1
3413e5cda93ffab4fdc01a622c7e3d165714cce6

SHA256
98ae905e7b9615127b57c5f03707dbdc36f84c79eec5365c4563ed735bf1833a

SHA512
41b92ee6361a383fc23de2dec6c54c488c81af86657c718125f44ecc0bb04af9dd8b453e918c5c9671fe84c1caaacd61cfe97a4a7cbf996d9e871d2749cf5630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
869B

MD5
2a20754f5eb4b35e09ef316d6f544c4e

SHA1
773a90cb47c5fd21dd0de59f38fb5c14b8df64fe

SHA256
89fc4454fc20834901e6b3b1a377064a9f235733318391883f95e4bd4441bf6e

SHA512
6311449270157b7888b4fe725f7e2c8875c0c4f2619a74f7c610fa62fb011de0f63cfcc9e325f85f2fa847efc8c1a095c8a8a2a4444683b0bd7633670ead5815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
524ab6c9014b1b71f410e5c8328728ac

SHA1
5703cdd05068eb391a4f0d70640a453b3bff4af8

SHA256
0022d7e84c44bc3f10598532768dc2599b6a1e1513587618c39998cbc147e7f8

SHA512
eb62a28a167b21585d9b642927b7f706d3e00dc00d26f312feac8e9e6c609ac8c2a8f3d83abd9725d764b9c3899407e3558f06755bf164efd939452998a37651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
729fe98763721b3a358f84119206d91f

SHA1
9940bf04ae3a1366fe0d6b338e02de7999bd46f3

SHA256
7a67b3183b1acf6db2419584c9f46860deb9b0dd896423a414cce683564ee59f

SHA512
6c148cb0c176fa774326bce86a1b6cdc8137a69b43453f4044bce9e38177ab892bb21779427132956730b3d774a74bbf386a8ebd104ec7c033ad845b50d22914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
2d7bd01f2440a3f9140427d4b3b46e6b

SHA1
92ed44f1e97ba420bcb2ad528c6abc700b17b5c7

SHA256
6d087939efad85ccbc6934a541aa3df093aafe9bfbf4d76fcc4647894ae2f0e7

SHA512
a2fd71c1dbc809c32f0cdee00cd9dc43a8dbb6c3df06f710db1fa21acbce1c5407c242b7a3b11bb07073cf316f80afc3f0ce7c861a9b934b813e145738f9af4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit