hxxps://chromewebstore[.]google[.]com/detail/ahkjpbeeocnddjkakilopmfdlnjdpcdm

Resubmissions

13/03/2024, 14:27

240313-rsk8yagh66 1

13/03/2024, 14:26

240313-rrx64sgh45 1

Analysis

max time kernel
19s
max time network
28s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
13/03/2024, 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chromewebstore.google.com/detail/ahkjpbeeocnddjkakilopmfdlnjdpcdm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133548136927400905"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 3856	4940	chrome.exe	80
PID 4940 wrote to memory of 3856	4940	chrome.exe	80
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2764	4940	chrome.exe	83
PID 4940 wrote to memory of 2172	4940	chrome.exe	84
PID 4940 wrote to memory of 2172	4940	chrome.exe	84
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85
PID 4940 wrote to memory of 4728	4940	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://chromewebstore.google.com/detail/ahkjpbeeocnddjkakilopmfdlnjdpcdm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ff913ff9758,0x7ff913ff9768,0x7ff913ff9778
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1832,i,7162528062168688148,3209750529126372224,131072 /prefetch:2
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1832,i,7162528062168688148,3209750529126372224,131072 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1832,i,7162528062168688148,3209750529126372224,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1832,i,7162528062168688148,3209750529126372224,131072 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1832,i,7162528062168688148,3209750529126372224,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3808 --field-trial-handle=1832,i,7162528062168688148,3209750529126372224,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5104 --field-trial-handle=1832,i,7162528062168688148,3209750529126372224,131072 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1832,i,7162528062168688148,3209750529126372224,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1832,i,7162528062168688148,3209750529126372224,131072 /prefetch:8
  2⤵
  PID:4608

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3f0c6099-b892-4c1b-abd5-45e93a4a0707.tmp

Filesize
6KB

MD5
cbd704f2940a325dbd96d868c2dc296c

SHA1
2b57a2a91a9dadc735160633ab46f382ad25df81

SHA256
0c5e150108ceff1f77e41a34463e616f1eb3ab33e7dda620513dfea1ea83b84f

SHA512
84864aa0b9890ca4148438dad18bc1f93f6fa615d8991a00d4586466407c03efc563d16665cf1c6994250fea2b07cef5a4a9e646038905d6e8a12dadd898ced2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
27KB

MD5
ce0b8d11a00256be872539d386e3f8e5

SHA1
64658a28b3b3a52c5332c9e1fdb8875411a4f9d2

SHA256
3a009c2e78435c0b5f5454d3a39090a76111f8dcdb35ae665332afacb6f2d83e

SHA512
06fd4d8b19f485e8fafabaebef5f48217d86ff8d59a1889e3a47bc28eaafb23892fe0f85d4e2165cdfbe70761fc006c0650e7304b2534960ee8962fdcef8cb4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
f66ab1f0ca2e33f85ce8e394a3b5705d

SHA1
6e45abf7ca499650817bf051d8a09b9983a9a638

SHA256
54b5118e1318f9607595b630b4900b6c270e687d2824b6e13e9df884a33c1a1e

SHA512
ba6e12c4495bb8d69fa54c7f01c389ceb436a245364d41b2c11fe9d23fc1fb486b2faae0eaec973d65a368f4652e061dc14884bec9fd3db67cb0a22e7b9e12f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8050660dd5521c4ec9fc3437b647b30a

SHA1
e8c346a6282e926953bbdb224b0cc6a0a44e6c8d

SHA256
afc694551f4cb82b7e861cdbfe593157fc9c3a773259b7564fcbb4ca6be4cfa7

SHA512
0e73f9555d7376308a3b1bb09391fbbb66ed8cab455b018b9ef2b1cf94d4c3a3d4ef4a0d7ad385538cf5c2098a1376652526089282ed8df81b1b6d9d4f25dc25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
57ab9cf606fc1f8afac22f1c43f3f69a

SHA1
1e3b53918c4904808bc77fafdda02d1b0ff1afec

SHA256
590b984ebcb9238155ad07e762bb374fefabe18d7bc78abb93e21763e36caf19

SHA512
de1d38915482684c6aad4787d79d7a374fb5b5a4b505501142d6ee1df97f70213f5292a46c7383a7ccfe6bf01ebb2ec01cb2241c66d8d2cb223ca4ddc005e9dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cb2359a8feeef9ecb60149d2522e766d

SHA1
e30f3deefb03b87b43450e48b9fe4bb79c4acaef

SHA256
ec689e111a5f779b4d019298971c14a995729c1e3e0caac959388a0b7f512744

SHA512
7b4ca854103baa0dd8897ccc6a3a0e0075cca57db4cd2751b428e678a899a30a359d27a50b3de9824b6a75fa5516a6367e11032fde905d2e131c046dbc36d191

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
da3417c955ded162499343cac14f85f7

SHA1
7e520ce5f3dd3eb94dce4884995f675a72fda9b6

SHA256
e0e49162007133fe392dd01a209ed87e54577adf8ecd57fafbc698c6da251867

SHA512
349044189c1e12df851d581a683c82ff873f32d6b286e0fd7aac55c0fe745f01339b1862293c51ca729b2a10d9a94c9b158d8058653fbf9b5e5950fccafed911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
cfc94dbb279cc3359c3c2c08ba299420

SHA1
8f90bbdefb8c7d54005b61064a4119ca18278d77

SHA256
0b26bde2ae2e9b7a9401f81688e88fd9b1603c65c48dd5820dde524350b53f0c

SHA512
89fe2a1e1f7a8083456c60332034786f77338bb0080cd075ff5e6065dd866fc26d5a824793aa4410652455a9feee0b40f1b7dd44fabafa14c9a20bb099f590f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
ccc22420b560ffe1b29fab7d2f90439f

SHA1
ae6a44d98aae203c9d85fa19e4315a8dafc7d916

SHA256
0fef89fbf8a649b95e6653d30bf8eee3672c3e34d86e3cc4a8e67da4b85cb4eb

SHA512
5a045df127f40ae97ea1c09e9cdaf50a111b4615b1228d54855ca7682f3e0e91d07f436c4286a0c7c76a21165be4c2d2ae87fe5d0ca7f1424933376d7112d1dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit