d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14-03-2024 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

h5y.html
Size

315B
MD5

a34ac19f4afae63adc5d2f7bc970c07f
SHA1

a82190fc530c265aa40a045c21770d967f4767b8
SHA256

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
SHA512

42e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133548992120667049"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1612	chrome.exe
1612	chrome.exe
3816	chrome.exe
3816	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1612	chrome.exe
1612	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2136	1612	chrome.exe	89
PID 1612 wrote to memory of 2136	1612	chrome.exe	89
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 3436	1612	chrome.exe	91
PID 1612 wrote to memory of 5112	1612	chrome.exe	92
PID 1612 wrote to memory of 5112	1612	chrome.exe	92
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93
PID 1612 wrote to memory of 1896	1612	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\h5y.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb748c9758,0x7ffb748c9768,0x7ffb748c9778
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1816,i,6258479650659083864,13651277419105213894,131072 /prefetch:2
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1816,i,6258479650659083864,13651277419105213894,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 --field-trial-handle=1816,i,6258479650659083864,13651277419105213894,131072 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1816,i,6258479650659083864,13651277419105213894,131072 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1816,i,6258479650659083864,13651277419105213894,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1816,i,6258479650659083864,13651277419105213894,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1816,i,6258479650659083864,13651277419105213894,131072 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3220 --field-trial-handle=1816,i,6258479650659083864,13651277419105213894,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8bee9956aaaabb545fa85c725abd823f

SHA1
a7539de630abb169ddcf9825afedc72156871c52

SHA256
a009b6058087b512ccd150b3c519f90f362f794dc753a846136f883da1798616

SHA512
1617ffea98f1cc5e54f9b6e093c3a70a471507668cc5a95198945f76752c4f155f5c5e717dab528ffe0f4291feeace41b5289910276244b03e3cc43223b12a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
af87b2f9506cedf4d19c597f06541fcc

SHA1
0da174a975e600e98b2e7c7dfdc6696d11f3db43

SHA256
2d86649f0f01d04d091b56532793e28ac1552fac03182246d182a5952b8786b4

SHA512
cd1f547204ac755c6aa170222dc60f14e14e3b19943f660f78bc2711cd88a4b1207094ff1edee9bd02b80ca202dae8582620efe02060b89ec800b03d19615d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2b8deba9342c6af4499d113c7c76bfe8

SHA1
96f004a8f89764f6c28691b79aee799a5b2a2d1b

SHA256
4aad31f94fa3e764f45d03f33413f83f2440e09999bf02aedf7efd545bd98eff

SHA512
5bef7d7dec838cd364a78a5d22f4a4fc8ab1bcd252f5184a52190f307ec7cb4518465e714a548ecb68ec83deb04f85964ccf673379275e5e175150023013bda3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
e03733dea88adf8ad3313b7c0ac61af6

SHA1
0fa92a124f2a0b071d0abae1a74eb9d380d01654

SHA256
bbf5e8a7f1d6b44b7be4e197f1b0b622a1c08d96debb128d3f42dc2032457b7d

SHA512
26aae09a9f3445d6d8e5ff5eb0985cee7a1c848f369f2a4000d577a47d26a21a5d385981a1f8040d3690029fb46484ec089069f481ea09507d1e43d8b1aa731b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit