Analysis

  • max time kernel
    1800s
  • max time network
    1802s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/03/2024, 15:29

General

  • Target

    http://google.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1784
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff97bee9758,0x7ff97bee9768,0x7ff97bee9778
      2⤵
      PID:4260
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:2
      2⤵
      PID:3452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:8
      2⤵
      PID:1352
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:8
      2⤵
      PID:3988
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:1
      2⤵
      PID:2532
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:1
      2⤵
      PID:4124
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4592 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:1
      2⤵
      PID:2956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:8
      2⤵
      PID:5180
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:8
      2⤵
      PID:5264
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2928 --field-trial-handle=1876,i,12996918346191542220,14626071105612209130,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4388
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:772
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3672 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:5992
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3732 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:5116
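Apart from the flags on the root process, the tree above is a stock Chrome 106 launch: one browser process, a crashpad handler, GPU, network and storage helpers, three renderers and two Windows-only utilities. The quickest way to read such a tree is to pull the role and sandbox flags out of every command line. The Python below is an added example, not part of the report or of the sandbox's own tooling. It carries the report's PIDs and command lines as inline sample data (the long --gpu-preferences, --initial-client-data and crashpad annotation arguments are left out) and relies on Chromium's convention that --type, --utility-sub-type, --service-sandbox-type and --disable-gpu-sandbox describe a child's role and sandbox; treating the --disable-*/--simulate-* flags on the root as analysis-harness options rather than user input is this example's assumption.

```python
import re

# Process list transcribed from the report's process tree (constructed inline
# as sample data for this example). Long opaque arguments are omitted.
PROCESSES = [
    # (pid, parent pid or None for a tree root, command line)
    (1784, None, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com'''),
    (4260, 1784, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --url=https://clients2.google.com/cr/report'),
    (3452, 1784, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --mojo-platform-channel-handle=1724 /prefetch:2'),
    (1352, 1784, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:8'),
    (3988, 1784, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 /prefetch:8'),
    (2532, 1784, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --renderer-client-id=6 --mojo-platform-channel-handle=2988 /prefetch:1'),
    (4124, 1784, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --renderer-client-id=5 --mojo-platform-channel-handle=2996 /prefetch:1'),
    (2956, 1784, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --renderer-client-id=7 --mojo-platform-channel-handle=4592 /prefetch:1'),
    (5180, 1784, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 /prefetch:8'),
    (5264, 1784, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8'),
    (4388, 1784, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-driver-version=10.0.19041.546 --mojo-platform-channel-handle=2928 /prefetch:2'),
    (772, None, r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'),
    (5992, None, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3672 /prefetch:8'),
    (5116, None, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3732 /prefetch:8'),
]

# One token is a run of unquoted characters and/or quoted segments, so both a
# fully quoted "--flag=value with spaces" and a --flag='quoted value' stay whole.
TOKEN_RE = re.compile(r'''(?:[^\s"']+|"[^"]*"|'[^']*')+''')


def parse_cmdline(cmdline):
    """Split a Windows command line into (exe, {flag name: value}).

    Only --name[=value] switches are collected; /prefetch:N and positional
    arguments (the URL after --single-argument) are skipped.
    """
    tokens = TOKEN_RE.findall(cmdline)
    exe = tokens[0].strip('"')
    flags = {}
    for tok in tokens[1:]:
        tok = tok.strip('"')                 # whole-token quoting
        if not tok.startswith("--"):
            continue
        name, _, value = tok[2:].partition("=")
        flags[name] = value.strip("'\"")     # value-only quoting
    return exe, flags


def sandbox_of(flags):
    """Sandbox label a Chromium child advertises through its own flags."""
    ptype = flags.get("type")
    if ptype == "utility":
        return flags.get("service-sandbox-type", "utility")
    if ptype == "gpu-process":
        return "none" if "disable-gpu-sandbox" in flags else "gpu"
    if ptype == "renderer":
        return "renderer"
    return "n/a"   # browser process, standalone service, or crashpad handler: not stated by flags


def describe(pid, parent, cmdline):
    exe, flags = parse_cmdline(cmdline)
    role = flags.get("type", "main")
    if "utility-sub-type" in flags:
        role += "/" + flags["utility-sub-type"]
    return {"pid": pid, "parent": parent, "exe": exe.rsplit("\\", 1)[-1],
            "role": role, "sandbox": sandbox_of(flags)}


def roots(processes):
    """PIDs that have no parent in the tree (separately started programs)."""
    return [pid for pid, parent, _ in processes if parent is None]


def unsandboxed(processes):
    """PIDs of helpers whose flags say they run with no sandbox at all."""
    return [d["pid"] for d in (describe(*p) for p in processes) if d["sandbox"] == "none"]


def harness_flags(root_cmdline):
    """--disable-*/--simulate-* switches on the root browser process; assumed
    here to be added by the analysis harness (they suppress update and
    background traffic), not typed by a user."""
    _, flags = parse_cmdline(root_cmdline)
    return sorted(f for f in flags if f.startswith(("disable-", "simulate-")))


if __name__ == "__main__":
    for p in PROCESSES:
        d = describe(*p)
        print(f"{d['pid']:>5} parent={str(d['parent']):>5} {d['exe']:<22} {d['role']:<45} sandbox={d['sandbox']}")
    print("tree roots:", roots(PROCESSES))
    print("unsandboxed helpers:", unsandboxed(PROCESSES))
    print("harness flags on root:", harness_flags(PROCESSES[0][2]))
```

Running it lists four helpers with no sandbox: the network service, ProcessorMetrics, UtilWin and the second GPU process launched with --disable-gpu-sandbox. Those flags are set by the browser process when it spawns its children, not by the page being loaded, so they are part of Chrome's own launch configuration rather than evidence against http://google.com. The four tree roots show that elevation_service.exe and the two msedge.exe utilities started independently of the chrome.exe that loaded the URL, and the heavy signatures above (WriteProcessMemory, AdjustPrivilegeToken, NtCreateUserProcessBlockNonMicrosoftBinary) attach to PID 1784, the browser process that creates and configures those children.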

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
    Filesize: 195KB
    MD5: 89d79dbf26a3c2e22ddd95766fe3173d
    SHA1: f38fd066eef4cf4e72a934548eafb5f6abb00b53
    SHA256: 367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69
    SHA512: ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 144B
    MD5: fee189d4732314712c8858883b2ce293
    SHA1: dfcef87a5ed709c3d2445aa0e7314ef9e769daa3
    SHA256: dc8f951b7a194d46ea870f3499a58c6e3cd9010c4c8c1e323de4bfaac98e13aa
    SHA512: ba601d83949823d38c0c7d0052e6e36c58d4e124a139f88fd096d12cd4bbd98df0e1a60e3047fb551ce923dc70289b990aac6e950085962a45834c4b0f44f408

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: a585952c852137eee0cfc43daf2bf90f
    SHA1: d501e28e176978846abbfbff6918b3a89ff30109
    SHA256: 59aa703100c0ffb5ab203b9abc979e66cc9f1f84b88c3b8720e9192b076a6a8f
    SHA512: 712b4ca86d4bf475ab4ce8d12c7447247c95a6f7eedbf163bff47b68fbfc30319ec398940170a4e692fd5feb48f8c5350a3ddec9c33d77c47bd16cbe07244a79

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 12a137db007f2b95ad30607d3c7c1342
    SHA1: 69492df5214740f1605317db2db84df8d20b4bcc
    SHA256: cc6dae26352d4071b43f990d8a1b64e1933d3f7d9ba95ec4b5676e9aa2681cfc
    SHA512: e0e1331ad3563bfd8f99caa75920331a8693632c4120314726f14e2fdfb67d600d788811761e225d5875f87c25bc4513382774bb4556ec5c066e265140006092

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 12d12b6b23fb20cbdba06b8420cf638a
    SHA1: a0c1862e24b1f4ae943f49238f30053ae2f3c2b3
    SHA256: 8ca5bf4c1cbc92996a1ac452777302b1e92f731b556199fe00cd80e7aca3dc62
    SHA512: 95b5c91e606df092120279163bae82e6753762290a3903b925e9c590daf74ac8b6a708e0f6d51c128fb784958c192103bb0117d758d128a7ebb564d1cd3a9474

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 49ce80e42f26dc341168259dc68402f7
    SHA1: 84c4dbaf05a23ed0bf90f16803ff02ff92b3bef1
    SHA256: 753cadcbc5300e2be73783ab2e063f4ffd7b9bd53c9a562882a977e10a64940e
    SHA512: 7b20cbe265fdea9b1301bd7c7800f6a3e1a000d2379bff113745adc6a3baaeef1bee3acf7d861b7ec67d573e4987957acf259773a4809501a7eef9643f09875a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 24855de7781c15c7c36fc6aa311d861d
    SHA1: cca84c265daef12a4170c5f11250dccbd961d49c
    SHA256: 5674fb9e9106abaf42648a5d08bc3f7f29a61a6f5b38a0659e77e4d92dadd606
    SHA512: 3fe6e5795aa12ea8abaaa2b140eb0b69f0c416d2d0e25ee7f4e91c8b10ef9fcace27212f96fb1e33ef58fc37b32d851316cf4cfc72eadcd098b7606b68568544

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 7056f2ed38532bcf56c456c979f1cc7f
    SHA1: f11982479d83ca319d578b47fce9bb4650b03628
    SHA256: e360a68dcdf22ca281378d11cebfa008c79a7d7ce7a639a10053e25bea733729
    SHA512: 61bc6b56e3e7b26f29fb7634d183b48111623022f75de1cb5cf6e4ae84abef0ded1534c3db93eae08e2b39068af64f196fb60cbc05337825684956d6c5ad310c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 128KB
    MD5: 1231dfe026b8589e36ebd5feb3baec38
    SHA1: 2fc55d03c024e78d59afe08bb8eb42d58098ec9d
    SHA256: 7afa5b0099c84164fe8c90929f6b09f260d04aa30cbf3d45d28b23be6398099c
    SHA512: 43550ed26f2d6410080c9a1adf51b417058290a3b1614de0b0a9278688f26f7079d588aee668a72f62985fbf6a15041f2648f5e254e6ad4f60971c283dda2047

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
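Three things stand out in this list: every path sits under the Chrome profile directory, the same path appears more than once, and one file is 2 bytes long. The Python below is an added example, not part of the report, that turns those observations into checks: it recomputes digests of a few trivial contents and matches them against the reported hashes, counts how many versions of each path the run captured, and looks for any write outside the profile. The entries are transcribed from the Downloads section above as inline data (MD5 and SHA-256 for every entry, all four digests for the 2-byte file); the set of trivial contents to recognise is this example's own choice.

```python
import hashlib
from collections import Counter

PROFILE_DIR = r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data"

# (path, size as reported, MD5, SHA-256) for each Downloads entry, transcribed
# from the report above (constructed inline as sample data for this example).
ENTRIES = [
    (PROFILE_DIR + r"\Default\Cache\Cache_Data\f_000001", "195KB", "89d79dbf26a3c2e22ddd95766fe3173d", "367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69"),
    (PROFILE_DIR + r"\Default\Code Cache\js\index-dir\the-real-index", "144B", "fee189d4732314712c8858883b2ce293", "dc8f951b7a194d46ea870f3499a58c6e3cd9010c4c8c1e323de4bfaac98e13aa"),
    (PROFILE_DIR + r"\Default\Network\Network Persistent State", "1KB", "a585952c852137eee0cfc43daf2bf90f", "59aa703100c0ffb5ab203b9abc979e66cc9f1f84b88c3b8720e9192b076a6a8f"),
    (PROFILE_DIR + r"\Default\Network\Network Persistent State", "1KB", "12a137db007f2b95ad30607d3c7c1342", "cc6dae26352d4071b43f990d8a1b64e1933d3f7d9ba95ec4b5676e9aa2681cfc"),
    (PROFILE_DIR + r"\Default\Network\Network Persistent State", "1KB", "12d12b6b23fb20cbdba06b8420cf638a", "8ca5bf4c1cbc92996a1ac452777302b1e92f731b556199fe00cd80e7aca3dc62"),
    (PROFILE_DIR + r"\Default\Preferences", "6KB", "49ce80e42f26dc341168259dc68402f7", "753cadcbc5300e2be73783ab2e063f4ffd7b9bd53c9a562882a977e10a64940e"),
    (PROFILE_DIR + r"\Default\Preferences", "5KB", "24855de7781c15c7c36fc6aa311d861d", "5674fb9e9106abaf42648a5d08bc3f7f29a61a6f5b38a0659e77e4d92dadd606"),
    (PROFILE_DIR + r"\Default\Preferences", "5KB", "7056f2ed38532bcf56c456c979f1cc7f", "e360a68dcdf22ca281378d11cebfa008c79a7d7ce7a639a10053e25bea733729"),
    (PROFILE_DIR + r"\Local State", "128KB", "1231dfe026b8589e36ebd5feb3baec38", "7afa5b0099c84164fe8c90929f6b09f260d04aa30cbf3d45d28b23be6398099c"),
    (PROFILE_DIR + r"\persisted_first_party_sets.json", "2B", "99914b932bd37a50b983c5e7c90ae93b", "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"),
]

# All four digests the report lists for the 2-byte persisted_first_party_sets.json.
FPS_REPORTED = {
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
}

# Trivial contents worth recognising before treating a tiny "dropped file" as a payload.
KNOWN_CONTENT = {"empty JSON object": b"{}", "empty JSON array": b"[]", "empty file": b""}


def digests(data):
    """MD5/SHA-1/SHA-256/SHA-512 hex digests of data, keyed like the report."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256", "sha512")}


def known_content(entry):
    """Label of the trivial content whose MD5 and SHA-256 both match the entry, else None."""
    _, _, md5, sha256 = entry
    for label, data in KNOWN_CONTENT.items():
        d = digests(data)
        if d["md5"] == md5.lower() and d["sha256"] == sha256.lower():
            return label
    return None


def verify_digests(data, reported):
    """Per-algorithm agreement between digests computed over data and the reported ones."""
    computed = digests(data)
    return {algo: computed[algo] == value.lower() for algo, value in reported.items()}


def write_counts(entries):
    """How many captured versions exist per path (profile files get rewritten in place)."""
    return Counter(path for path, *_ in entries)


def outside_profile(entries):
    """Paths written anywhere other than the browser profile directory."""
    return [path for path, *_ in entries if not path.lower().startswith(PROFILE_DIR.lower())]


if __name__ == "__main__":
    for entry in ENTRIES:
        label = known_content(entry)
        if label:
            print(f"{entry[0]} ({entry[1]}) is a(n) {label}")
    print("all four digests match b'{}':", all(verify_digests(b"{}", FPS_REPORTED).values()))
    for path, n in write_counts(ENTRIES).items():
        if n > 1:
            print(f"{n} versions captured of {path}")
    print("writes outside the profile:", outside_profile(ENTRIES) or "none")
```

The 2-byte persisted_first_party_sets.json hashes as the literal {}, an empty JSON object, and all four reported digests agree with that. Preferences and Network Persistent State each appear three times because Chrome rewrote them during the run, so the ten entries are six distinct files, all inside the profile. For a URL submission, a write outside the profile directory or a small file whose hashes match nothing this trivial is where the attention belongs.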