923ae78ef3ace374cf0d3674376943b0cdf1747b46de74dc5c14fda16df936fa

Analysis

max time kernel
31s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a (2).htm
Size

1KB
MD5

fa29916f652602f11362858fc58ee874
SHA1

3e79b7c48adf7dbe39c935633d442d4826730344
SHA256

923ae78ef3ace374cf0d3674376943b0cdf1747b46de74dc5c14fda16df936fa
SHA512

902f2b5c73920a4610f898804cc53592de6bc62979ee092b0c15121cfd632c1c1b1d85ddaa3e2275d7e652fbb0a6f7d977f77456f1fcbbd3007861ed49781d6b

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133545237733785443"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1100	chrome.exe
1100	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeCreatePagefilePrivilege	1100	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 700	1100	chrome.exe	95
PID 1100 wrote to memory of 700	1100	chrome.exe	95
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 1448	1100	chrome.exe	97
PID 1100 wrote to memory of 4676	1100	chrome.exe	98
PID 1100 wrote to memory of 4676	1100	chrome.exe	98
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99
PID 1100 wrote to memory of 4476	1100	chrome.exe	99

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\a (2).htm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd94569758,0x7ffd94569768,0x7ffd94569778
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1844,i,13478042943344764418,7747427695962086573,131072 /prefetch:2
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1844,i,13478042943344764418,7747427695962086573,131072 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1844,i,13478042943344764418,7747427695962086573,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1844,i,13478042943344764418,7747427695962086573,131072 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1844,i,13478042943344764418,7747427695962086573,131072 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4108 --field-trial-handle=1844,i,13478042943344764418,7747427695962086573,131072 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4752 --field-trial-handle=1844,i,13478042943344764418,7747427695962086573,131072 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1844,i,13478042943344764418,7747427695962086573,131072 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1844,i,13478042943344764418,7747427695962086573,131072 /prefetch:8
  2⤵
  PID:3232

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
d1d2ee86535101768f088fadf8453c92

SHA1
97b6fdb906c479c46e1b28f4d853e7bf5c6859cd

SHA256
fb5e68c1f278880ce072216a794aa21b485fa2f7b5401f4eaaedeb43d133efae

SHA512
40c47fe0df9bdfb72ed4fd73e699428e52bf1267bdacd2fbc74a4b9ed04ce6b88d55ae43f14a0b67188d3720eb60a8e353bd1a8a2a65c4610fa13048b880bb14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2a17e7591e6b5b7b2c095b712a4f39d5

SHA1
1b3991e49f4c6db6c8034bad99d425ec89a839c4

SHA256
30639658f61e04797e72ee6297cc83acba63240ace869b863d954238b379a730

SHA512
2d7127cf58d972d35ff387825ac14290f787276b6f6ae1e7bd9af08f032ef51b7a09c73458746ac34b3b1ff6e826cea16982ed67d8b31c1330b92851ead7cf48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7d69265b2105be7bc7e132bc835c8a3e

SHA1
c2ce2b8468c0df6de67edd8e60b407ba38f0e967

SHA256
bb5605df2bcc5312f6e80b0a6d49b60b3dd7014b65c4633131eaba97932a9151

SHA512
468d7b8a390984475b8a8f2852f37f9bf79d9c924b2437be1071c50d0c4785ef3b0b31e9faa3efcf5679f9fdcfc6f34142e8c3bf753e68cdedfb6d95a992cecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c79ce372d0e09c904b09544704de0d97

SHA1
e37393b130f0612286958688007d57f649fab910

SHA256
36b84501aa078bbfd4b6b711851577d0ae7e1ae0eac4860884934d69af8ed9da

SHA512
93d19752efa4804ea04e87adf8f0309411308c10e3e20f29473715051de9f42cd9a6fcbadbafac3fbd44c08adb4eaf10230578e61c7d478493b7efeebd6d704f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
972d6d3c686bc035d149f49a4dcbf07a

SHA1
8f7f8004edc9f847fda09182b4d009b9feded8f0

SHA256
e5857b865d623c4b21c046da2a7e0978b30acf0d2140e381f5afdd78287c14ed

SHA512
fdcb67e59e14eefe5658d92b778e8e68d106bc5fc1c0233de5bd18836f00b633465ee26e0a7f3bd8a499eb05b60f00da74619709f3b2fa8323e1bbecff3877c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit