Analysis

max time kernel: 28s
max time network: 10s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 11-03-2024 09:33

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: http://egelections-2011.appspot.com
Resource: win11-20240221-en
General

Target: http://egelections-2011.appspot.com

Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546232198091273" | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  1188 | chrome.exe
  1188 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  1188 | chrome.exe
  1188 | chrome.exe

Suspicious use of AdjustPrivilegeToken (56 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 1188 | chrome.exe
  Token: SeCreatePagefilePrivilege | 1188 | chrome.exe
  (the 56 entries alternate between these two rows)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  1188 | chrome.exe
  (the same row repeated 26 times)

Suspicious use of SendNotifyMessage (12 IoCs)
  pid | Process
  1188 | chrome.exe
  (the same row repeated 12 times)

Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1188 wrote to memory of 4012 | 1188 | chrome.exe | 79
  PID 1188 wrote to memory of 1668 | 1188 | chrome.exe | 82
  PID 1188 wrote to memory of 4800 | 1188 | chrome.exe | 83
  PID 1188 wrote to memory of 1492 | 1188 | chrome.exe | 84
  (the 64 entries are repetitions of these four rows)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://egelections-2011.appspot.com
  PID: 1188
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb9ba49758,0x7ffb9ba49768,0x7ffb9ba49778
      PID: 4012

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1828,i,13384373081830190201,7662521741170843165,131072 /prefetch:2
      PID: 1668

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1828,i,13384373081830190201,7662521741170843165,131072 /prefetch:8
      PID: 4800

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1828,i,13384373081830190201,7662521741170843165,131072 /prefetch:8
      PID: 1492

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1828,i,13384373081830190201,7662521741170843165,131072 /prefetch:1
      PID: 568

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1828,i,13384373081830190201,7662521741170843165,131072 /prefetch:1
      PID: 1992

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1828,i,13384373081830190201,7662521741170843165,131072 /prefetch:8
      PID: 5100

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1828,i,13384373081830190201,7662521741170843165,131072 /prefetch:8
      PID: 2512

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 3192
Network
MITRE ATT&CK Enterprise v15
Downloads