Analysis
max time kernel: 1800s
max time network: 1802s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/03/2024, 15:29
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://google.com
  Resource: win10v2004-20240226-en
Behavioral task: behavioral2
  Sample: http://google.com
  Resource: macos-20240214-en
General
Target: http://google.com
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133542145806583756" | chrome.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
1784 | chrome.exe
1784 | chrome.exe
4388 | chrome.exe
4388 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
1784 | chrome.exe (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 1784 | chrome.exe (32 entries)
Token: SeCreatePagefilePrivilege | 1784 | chrome.exe (32 entries)
The two token rows alternate throughout the 64 entries.

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
1784 | chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
1784 | chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 1784 wrote to memory of 4260 | 1784 | chrome.exe | 94 (2 entries)
PID 1784 wrote to memory of 3452 | 1784 | chrome.exe | 96 (repeated entries)
PID 1784 wrote to memory of 1352 | 1784 | chrome.exe | 97 (2 entries)
PID 1784 wrote to memory of 3988 | 1784 | chrome.exe | 98 (repeated entries)
Processes

Level 1: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1784)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4260)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff97bee9758,0x7ff97bee9768,0x7ff97bee9778

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3452)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:2

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1352)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:8

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3988)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:8

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2532)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:1

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4124)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:1

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2956)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4592 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:1

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5180)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:8

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5264)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:8

  Level 2: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4388)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2928 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

Level 1: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 772)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

Level 1: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5992)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3672 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8

Level 1: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5116)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3732 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 195KB
  MD5: 89d79dbf26a3c2e22ddd95766fe3173d
  SHA1: f38fd066eef4cf4e72a934548eafb5f6abb00b53
  SHA256: 367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69
  SHA512: ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

- Filesize: 144B
  MD5: fee189d4732314712c8858883b2ce293
  SHA1: dfcef87a5ed709c3d2445aa0e7314ef9e769daa3
  SHA256: dc8f951b7a194d46ea870f3499a58c6e3cd9010c4c8c1e323de4bfaac98e13aa
  SHA512: ba601d83949823d38c0c7d0052e6e36c58d4e124a139f88fd096d12cd4bbd98df0e1a60e3047fb551ce923dc70289b990aac6e950085962a45834c4b0f44f408

- Filesize: 1KB
  MD5: a585952c852137eee0cfc43daf2bf90f
  SHA1: d501e28e176978846abbfbff6918b3a89ff30109
  SHA256: 59aa703100c0ffb5ab203b9abc979e66cc9f1f84b88c3b8720e9192b076a6a8f
  SHA512: 712b4ca86d4bf475ab4ce8d12c7447247c95a6f7eedbf163bff47b68fbfc30319ec398940170a4e692fd5feb48f8c5350a3ddec9c33d77c47bd16cbe07244a79

- Filesize: 1KB
  MD5: 12a137db007f2b95ad30607d3c7c1342
  SHA1: 69492df5214740f1605317db2db84df8d20b4bcc
  SHA256: cc6dae26352d4071b43f990d8a1b64e1933d3f7d9ba95ec4b5676e9aa2681cfc
  SHA512: e0e1331ad3563bfd8f99caa75920331a8693632c4120314726f14e2fdfb67d600d788811761e225d5875f87c25bc4513382774bb4556ec5c066e265140006092

- Filesize: 1KB
  MD5: 12d12b6b23fb20cbdba06b8420cf638a
  SHA1: a0c1862e24b1f4ae943f49238f30053ae2f3c2b3
  SHA256: 8ca5bf4c1cbc92996a1ac452777302b1e92f731b556199fe00cd80e7aca3dc62
  SHA512: 95b5c91e606df092120279163bae82e6753762290a3903b925e9c590daf74ac8b6a708e0f6d51c128fb784958c192103bb0117d758d128a7ebb564d1cd3a9474

- Filesize: 6KB
  MD5: 49ce80e42f26dc341168259dc68402f7
  SHA1: 84c4dbaf05a23ed0bf90f16803ff02ff92b3bef1
  SHA256: 753cadcbc5300e2be73783ab2e063f4ffd7b9bd53c9a562882a977e10a64940e
  SHA512: 7b20cbe265fdea9b1301bd7c7800f6a3e1a000d2379bff113745adc6a3baaeef1bee3acf7d861b7ec67d573e4987957acf259773a4809501a7eef9643f09875a

- Filesize: 5KB
  MD5: 24855de7781c15c7c36fc6aa311d861d
  SHA1: cca84c265daef12a4170c5f11250dccbd961d49c
  SHA256: 5674fb9e9106abaf42648a5d08bc3f7f29a61a6f5b38a0659e77e4d92dadd606
  SHA512: 3fe6e5795aa12ea8abaaa2b140eb0b69f0c416d2d0e25ee7f4e91c8b10ef9fcace27212f96fb1e33ef58fc37b32d851316cf4cfc72eadcd098b7606b68568544

- Filesize: 5KB
  MD5: 7056f2ed38532bcf56c456c979f1cc7f
  SHA1: f11982479d83ca319d578b47fce9bb4650b03628
  SHA256: e360a68dcdf22ca281378d11cebfa008c79a7d7ce7a639a10053e25bea733729
  SHA512: 61bc6b56e3e7b26f29fb7634d183b48111623022f75de1cb5cf6e4ae84abef0ded1534c3db93eae08e2b39068af64f196fb60cbc05337825684956d6c5ad310c

- Filesize: 128KB
  MD5: 1231dfe026b8589e36ebd5feb3baec38
  SHA1: 2fc55d03c024e78d59afe08bb8eb42d58098ec9d
  SHA256: 7afa5b0099c84164fe8c90929f6b09f260d04aa30cbf3d45d28b23be6398099c
  SHA512: 43550ed26f2d6410080c9a1adf51b417058290a3b1614de0b0a9278688f26f7079d588aee668a72f62985fbf6a15041f2648f5e254e6ad4f60971c283dda2047

- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd