bea9521aa546912b5a684b51ab835afa44d718ca60212c60f93f23ec7f8a3cb9

Analysis

max time kernel
76s
max time network
77s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
10/03/2024, 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

15KB
MD5

65cb7e02cea46de928836a8d4ac8959d
SHA1

c465fee453b3700f1c3d362866887ae7c025492e
SHA256

bea9521aa546912b5a684b51ab835afa44d718ca60212c60f93f23ec7f8a3cb9
SHA512

74b9588dc59fb7d10b9dc35a3124fbdd8e40fc29d65ef3c431ea81910a576c7c7a303d67e3406e153a72ebbfff5c56e6ee1a48a8be5250fabff02d7534cfcd4b
SSDEEP

384:x6j9HlAALRcomwFfNmBSZv5HvvQ1TCxzbEMhHPIKlkT2zp59FqJPku7:6SuxEDkC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133545532928463525"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe
Token: SeShutdownPrivilege	3332	chrome.exe
Token: SeCreatePagefilePrivilege	3332	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3332 wrote to memory of 2488	3332	chrome.exe	81
PID 3332 wrote to memory of 2488	3332	chrome.exe	81
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 4900	3332	chrome.exe	83
PID 3332 wrote to memory of 3732	3332	chrome.exe	84
PID 3332 wrote to memory of 3732	3332	chrome.exe	84
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85
PID 3332 wrote to memory of 372	3332	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff55709758,0x7fff55709768,0x7fff55709778
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1748,i,1489422292931513048,1069103155462201856,131072 /prefetch:2
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,1489422292931513048,1069103155462201856,131072 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1748,i,1489422292931513048,1069103155462201856,131072 /prefetch:8
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1748,i,1489422292931513048,1069103155462201856,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1748,i,1489422292931513048,1069103155462201856,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1748,i,1489422292931513048,1069103155462201856,131072 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1748,i,1489422292931513048,1069103155462201856,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4564 --field-trial-handle=1748,i,1489422292931513048,1069103155462201856,131072 /prefetch:1
  2⤵
  PID:3476

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2872

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7eeda420314bb4e68e7b7a3779f4867c

SHA1
eb81b2b92f8ea8fd92c41faed3356efadcddf80f

SHA256
85d65d6d2cb55ed388c4fa8bce2a60dae440679006346a00482aa7899df6ae78

SHA512
a106cfe527cedcfdffc00a922fdb4ffdf282d07a9d1b42504b947ab1ddedbdd54494702145293c72bbcc6cee25b2ffd27491c11cdb920a304de5138fdcd31b02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fed0db1a1aec9bcb916c7e49272040a6

SHA1
8b30bd85b72ad313fa9b469880956bbc6917c5b8

SHA256
9ce337938fecced5c54fd428898b9ba7022f52d449f3004e80df0ac103b884b3

SHA512
5415ad8142504c209c0924de093347c9bad6e912bc8bdd9b1e791038c6e29772449b842df6f47572106b67c5d2632b20eda0ada6d196ce9b32654871bb194b84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1a2a03981ca27394572ba3c1d37f1533

SHA1
a9f90c454048963dad345003ce3940dd97b089ba

SHA256
af278418bc94b58eba2746447d5ae01503cee2ba1b18d2dafcd5c70bdf951aba

SHA512
279dd86af0cf48d57ffc45c4f2ec3a52eba8f04d76acd8bc01b5013f3e0fb175789b004c0fe27cd3f2bac655b839b7d523ef66c658a80d65e1cf85f83fcff245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
ac0329be519dacb778df912d57ed2465

SHA1
ba93a8843fdb1636712660e7111f19ce83cf6410

SHA256
6875fc842a164aa27f9dbd1ea7d717d011b578c87afd4a83fa60b648079a9538

SHA512
1780e79f786207d42ff191e50cad8d7c52580958cb58b2d73bc9e3315ff82794bf339f12e74011b560e17ec1b36f36390120e6156e54117299c43d1162a8fb30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit