hxxp://google[.]com

Analysis

max time kernel
299s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133541771165870748"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1764	chrome.exe
1764	chrome.exe
2892	chrome.exe
2892	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 2668	1764	chrome.exe	84
PID 1764 wrote to memory of 2668	1764	chrome.exe	84
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 1852	1764	chrome.exe	90
PID 1764 wrote to memory of 2376	1764	chrome.exe	91
PID 1764 wrote to memory of 2376	1764	chrome.exe	91
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92
PID 1764 wrote to memory of 2800	1764	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd532d9758,0x7ffd532d9768,0x7ffd532d9778
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1796,i,6258607788376670326,14626792370626640622,131072 /prefetch:2
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1796,i,6258607788376670326,14626792370626640622,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1796,i,6258607788376670326,14626792370626640622,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2772 --field-trial-handle=1796,i,6258607788376670326,14626792370626640622,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2780 --field-trial-handle=1796,i,6258607788376670326,14626792370626640622,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=1796,i,6258607788376670326,14626792370626640622,131072 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1796,i,6258607788376670326,14626792370626640622,131072 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3140 --field-trial-handle=1796,i,6258607788376670326,14626792370626640622,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1796,i,6258607788376670326,14626792370626640622,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2892

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
bad649d5426e910723db72b10c180fd7

SHA1
897ec3dca291a83b02f142b397ab4c54532df0bd

SHA256
5a96b7c7e0328a8a5f758eaa569e717971600e49a696f4769342decb015209e5

SHA512
0df32c086f14d014a5b9147db32cd58687e67998f82cc3941080a7281c25597dc8844ba03aa5d9e5bde0fe3be549c56214d7a94409db4b89395299e34df247fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
769be01089afd835fdae1ac701d88164

SHA1
8cbc00da7072d230076f53477f97f64801e56beb

SHA256
133edf7402de1cf00702d36893eff595440eaedc257fbb7d85d5e6e7307b0c17

SHA512
d18bcc87d24371fc6bd579072afc06f2d01c6bd2be9443edcc72e6577f0fca26da777eb6891bb89e964d3c0667bc8af6fe1d2bd1d4a2727fcfc1153ea701daa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
573bb3b2c0d055436a6553a16bd2f18c

SHA1
d24d11dbca5db5100154f96e9f1d142b1d8038b4

SHA256
fdf52bd109b63c0ae06df7805167b54eee988bf2d1a5637bf78bfdd2ed1fce84

SHA512
47d5d2e879a79e5fcd0186f0610e439a9168221356c3e5e6fe42f6735ba5d9109d6f771119e78cb4598d94dee715f5cc393bd7519134dea9d8463c409a8d0679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7bab12cd34a2f0a2f1d83ee793e3399f

SHA1
0b2f64b7291e4bc9c1625553d7f3bfdc3b522d2e

SHA256
3b134cd855b2522daefa9eaaed703c67e30390d5080159c84ee9ab69f4fe0ed7

SHA512
a57bca143efcfa89df7024a2d08fa57427ca95521f8e43060c180767dd399f076ba704c989b8ff43d8d89a786070b23fbe4632a30d4c9fb5ab2c7e3721d0eec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8f161dc0a88d0b7c9b191f7c820cf239

SHA1
e0ee264ceff4be3af50919375c25ba0fc92833de

SHA256
52bbe51f71483d9cdefe7c3fa4fe362abd3ef459fbe5a939ab88c1a6b9195702

SHA512
fb65dfa4533713948dac51ce079e30cd1fc3f2e089d7c21714f079bfe9ae30e29a5864099d7647469de9892b74f1e3103db438cbad7ca717b9c91aa74a0d1e28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
41c281cceb1c01f553601eea8fd8adac

SHA1
a2c4c6840b8d46be1a23c7de5c5c60f0a43739ba

SHA256
b44d1d00007067541503f89431854f66a81f6b01ef3ce476d95baf4ca91eac21

SHA512
9f746f62268a004f3d8217b58567ac212ca62376e8e00bffc50d173f42911e53b03d715a47a17434ff53798ff441e596c19ec2a0a201a178a2b142e9443ed608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit