32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
300s
max time network
271s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
03-03-2024 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133539553542195142"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4040 chrome.exe
4040 chrome.exe
412 chrome.exe
412 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

4040 chrome.exe
4040 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4040 wrote to memory of 3852	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 3852	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4840	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 2688	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 2688	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4208	4040	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffa122e9758,0x7ffa122e9768,0x7ffa122e9778
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1896,i,3499547819739481814,12988638726911500528,131072 /prefetch:2
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1896,i,3499547819739481814,12988638726911500528,131072 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1896,i,3499547819739481814,12988638726911500528,131072 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1896,i,3499547819739481814,12988638726911500528,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1896,i,3499547819739481814,12988638726911500528,131072 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1896,i,3499547819739481814,12988638726911500528,131072 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1896,i,3499547819739481814,12988638726911500528,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2384 --field-trial-handle=1896,i,3499547819739481814,12988638726911500528,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:412

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\699a9990-971e-4631-b075-9a16fee4d778.tmp

Filesize
6KB

MD5
41bbd3e95a13f2c5329db4a22b241900

SHA1
55cf2c8d1706bc86f0ae8b9fa01e6a30608bc60c

SHA256
ab7d695694e395983231a0277a95bd9d20dc7d4de8c81de70cc4f4830a39c3bb

SHA512
b00b574bd8ec369408163020d38c74b13fb7282da17badee563024c36523080035bbb074acf4c88e5805f910fa712060ae4bb99e43737fdff75f18bfcf99373f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
86934726cf0c8d567873ddd0a8339350

SHA1
572e61f32a9f186c4783e993990737f96cf525b8

SHA256
b1aca819caff9cdda6e4af4206aaee70df0fb2e6a3bb6ea32d9dc63e594862d3

SHA512
f35b5eac7274eddbfa61a4e84f2d9aead9170335b7de7b8a68b47a66e3e66d820e3610aa055a559fd6b4e12ae05f8e2d06d654497ade2edc72f32e4f538092ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3e6b4845f334e6f6a8a0d2061ffda819

SHA1
76d34d995dd2c763ba2e8fdd1fcb4b7ebfd76dfc

SHA256
2b5749a5191ef88ed895b033022b29441bbcb87fcc9b99976e87919c25f88cc9

SHA512
ba9bb6c7dd855c8796ae37834b12a74c75b4eddb2527c57231ca914e80cc2bd7f3419e89823243e50286d47ec0b8ba06f08c6d89ab483149536375271b6c2a56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
824c7e04e927901a00c1b84eb650ab1e

SHA1
158d0d3d3ff9d701596d22fb654d660aac11bd32

SHA256
8acc79fb99e18375772cde1d64a5cd1c43dba6124e271cc7bb37b1050c0d4450

SHA512
c87ac0892526a0ccdc739e3f5c6e505b3dbd3a30471b97b298b20179615e08b4f1a6cc3787c95ae0e82d23f74bc6840aace8a04cd2df01555c3bda1db81e73dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4040_BECEPCHIPCSROXOU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit