hxxps://www[.]google[.]com/

Analysis

max time kernel
599s
max time network
578s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133549064242309209"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe
2820	chrome.exe
2820	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 4036	1404	chrome.exe	89
PID 1404 wrote to memory of 4036	1404	chrome.exe	89
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 2204	1404	chrome.exe	91
PID 1404 wrote to memory of 772	1404	chrome.exe	92
PID 1404 wrote to memory of 772	1404	chrome.exe	92
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93
PID 1404 wrote to memory of 4984	1404	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1e209758,0x7ffe1e209768,0x7ffe1e209778
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1852,i,17405060268066691622,7185026806692325663,131072 /prefetch:2
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1852,i,17405060268066691622,7185026806692325663,131072 /prefetch:8
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1852,i,17405060268066691622,7185026806692325663,131072 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1852,i,17405060268066691622,7185026806692325663,131072 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1852,i,17405060268066691622,7185026806692325663,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4600 --field-trial-handle=1852,i,17405060268066691622,7185026806692325663,131072 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1852,i,17405060268066691622,7185026806692325663,131072 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1852,i,17405060268066691622,7185026806692325663,131072 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3320 --field-trial-handle=1852,i,17405060268066691622,7185026806692325663,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2820

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
119cac0e9711ae13a90e15f430beb231

SHA1
f2579e01054a740f981402012458fe88d8b2109b

SHA256
bb8dac84d7f8317ffd5548d8c33853ca124b841791055f21d0ef7b70a8739695

SHA512
1ae10e12c7bcfb3e16fb907806ec5ecce69528283ba5ee2413c6d7cac37c8f31160a3dec564cdd739d34253dac499d003517b557f598fbe9f03dfa68f987b1ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1d3a0ec6b8f5c11a85e4e8a188cea31c

SHA1
ca6529454c09b7ad6d35d5cfd2996bd4f690fbd8

SHA256
008bce20d6333c80c3ec4ead946c182b6a41a2b2cf65f1412d7158e0ed9606ad

SHA512
d855a733885c7734b790f8fa36fabdc1fde762753648b7b2e3b39a6edbb02199c01edf4f3d507b70cd7f568d0c870847596608d1a056b88a800715120d0c815f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0e0b56509b469c147487ef4cf92607aa

SHA1
ccfdcb7098a0bcf4f6b94335c024363516e2dfa8

SHA256
cbd9c33c6ed53facd115c5e5df19e395c913e15a98444f34bbbf10ba22b8d996

SHA512
b27a1b8cac788df3858242ab830d7b17aeb7fd1506b3e19a877d1d6c838789527e12d4625679adacc7ef0721d9ef58a6c8ac93427b85b8a199d18870b398d55c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4936a11885d7f96fc1c8ef64b2514c2b

SHA1
13447ed8f32052050d7157aad957cac639dfc492

SHA256
2aa4a6f557a88bcd8ea35f9bb079f899e1225c740b1fb0c6bb5da14bf008eec2

SHA512
fade8dc8c7234b93aeef6802e4f6cdb7f821ab575362fdd1ea74a55db6a38659a0a44e5ee9f7724ff84d37e042328899173f9d396921618c50b9a69d9c89356e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
4de9ad26333dc82ba277eb22d4cf591f

SHA1
4e187a1cf5dc49436152e2aaa404bb56d8b4b67e

SHA256
6e4bdd933f7624e30e321877accd4528f9b7193ea79bacd08bcecb4bc2705cd5

SHA512
90bb9916e7f403efeaf1c34a492f56c687c63aec6c48f8e580029b4cdf57ca2672549986fb4bcffd0f64c36d467de935d689e86cda0ce9ee6ff5548a27ecc1e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7e81e2a9595ba139132f0e55c2e83719

SHA1
e86943181cdac1e8229acd3f116dd8f690713288

SHA256
3debc0477adb4222a19ba076d16ddf37f54ab34a19998220e6b78539a36638b8

SHA512
8c7719ef103d2a933b4e53055e4212062cad768470c838ac95587d991a1c71507bdb7c859cd74d3706bb6e6845a32674780b966d926c5c0c3baaf4eb4c835292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
56d030a4e1f5d6cf99e5189d10410f18

SHA1
85ab37b3228701677d4205b79e1c39f7eda7d2f1

SHA256
5d661b4de3617f6b38f67d8dfa7a5f61cda26f8a54662003ae99e6495dc0d2f0

SHA512
4f6c42644d63da5a4d7d5d245d8cc3bd9990af7c7b110f915823e857ac692643fd9036004143c27e4a9dfe6c0405d92eb007ab6964db5680df7edbfd480ba701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit