hxxp://google[.]com

Analysis

max time kernel
599s
max time network
582s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133553656631015444"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4028	chrome.exe
4028	chrome.exe
804	chrome.exe
804	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 3940	4028	chrome.exe	89
PID 4028 wrote to memory of 3940	4028	chrome.exe	89
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 5020	4028	chrome.exe	91
PID 4028 wrote to memory of 1556	4028	chrome.exe	92
PID 4028 wrote to memory of 1556	4028	chrome.exe	92
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93
PID 4028 wrote to memory of 636	4028	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8976a9758,0x7ff8976a9768,0x7ff8976a9778
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1876,i,7912823211426378302,5307374279834818804,131072 /prefetch:2
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1876,i,7912823211426378302,5307374279834818804,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1876,i,7912823211426378302,5307374279834818804,131072 /prefetch:8
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1876,i,7912823211426378302,5307374279834818804,131072 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1876,i,7912823211426378302,5307374279834818804,131072 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4620 --field-trial-handle=1876,i,7912823211426378302,5307374279834818804,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1876,i,7912823211426378302,5307374279834818804,131072 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3028 --field-trial-handle=1876,i,7912823211426378302,5307374279834818804,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2460 --field-trial-handle=1876,i,7912823211426378302,5307374279834818804,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:804

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
196KB

MD5
813c1b41e435242e7365a4bcd7adcf23

SHA1
2d25e1564eaf93455640413b95646b3f88f9075b

SHA256
70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542

SHA512
268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
4842bcf7b5a6b153e0e5fd6b37eaa720

SHA1
510ae8ae1caa49ac04b9c0269091fddd275359d6

SHA256
3d27e005bfb7285886a62a780c94b9730b1cbc365db0cfb5e2b8efb73db09268

SHA512
42557b05d7842401f5ca1c9288f60497556bd97c574bcc50987b89288aa27da61b81aa50c28e09c366fe2940a1741b9848b8e6762e00a67a1d6be0ad2a8d72ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bfc8bcdd7b4fd68765d720d34974301e

SHA1
2faab8fd59717d6782cff853f265c98e354f4e6f

SHA256
cfb4dca338c04570e3dc95a36626c6b75cfe81a5d9a3a9129d2388c757743fb0

SHA512
0619c2cb735f1760735abfe421b1818a188a2e43c59778861627a83839247d22f98e41af997c535e29f3c7beb178c429e00263288108c601aeab26059e3cdde6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b6d944af0c5e72a5cbed771868883332

SHA1
9c651d671ae69d22fcc2267f4589745b67cd8b5f

SHA256
19e934b75842d9e18bdfd230eee5c1d709a4062e4aff02ae79d88c26dde1a246

SHA512
254d040ccda0ee810af282c572c4e8d39930412096fc115ac57178b95f029ac1ab73b4468036251cf2145afe808afa51cb78e0998107a188a40987432849831b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c66fef23ac92134e71415dd35b775a9d

SHA1
aeb6956c2ac32bb83250aacdabbd30314f52e167

SHA256
e3d89c52dd720681e8769483d4635cc6ec9c82a3c02e00c4366ae61d83527507

SHA512
c8c15f1b97982db3377e89e77e58b7a75e3152c1b6069a54c391520834b1b36d7dda9b3ec98eaf529e926125801cdc83257b1980d37b5a51dbab52da301c2968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7685480fd3686a1104d44745c9a23c0a

SHA1
41c7b125cee34453aad9e306d19073209344b9ce

SHA256
be4dd1eb820b51d00f89f6e349a04d0e708087337adbd1cf20a3eb783bb753f2

SHA512
5d7370b3f9280329ab26ec7a098d426642fe3cc10f21c34df27bd198727d5188d231e4fbd37cb5798c794f7efae10ea026a8bb8c14d4fa0b6bca2eb94a810690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
57fe0146f612980e5ce43a892a60a70a

SHA1
388f2d5bfd4656446eae49fa4ce0b60de55771ad

SHA256
9589dcb666ac1877fe8769ad4528852c7b90839043a65e996322040cd0c39dfe

SHA512
6f713e0f9eda70066edd47facbd92d7f9d14721750e5b745909337c1770f2055737718be2d63830976595ea0f4ba0978d3d0488afede2886a2ac2b5cf4476fb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit