e3ad3f42648d6bf0e27ca70b8d16ed8270f1313c9a3f3cc3656379284ff5b8d0

Analysis

max time kernel
300s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

list.html
Size

93KB
MD5

4474a229a4cf697e3d975a14c5b625f1
SHA1

7fc20ea6755b87384a1fd47c3f6b8e2280fc25b4
SHA256

e3ad3f42648d6bf0e27ca70b8d16ed8270f1313c9a3f3cc3656379284ff5b8d0
SHA512

99d4b89c9cc8b50a68260748a3fd87e2d80da6b9e714b3b9dd816ddc779ff54535e539027dbb615444e90a44f2aa142d403febeb6fd4689ec3eb6d3ac7ddf029
SSDEEP

768:zqvFPXt8sm471sK3Te3aif45bjACYvZrvrlAunL29a7Ca4taq5JFEa/Sa7l5aHVT:OtTm471sK3T8abbUbyclvX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133561677367188995"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1704	chrome.exe
1704	chrome.exe
2960	chrome.exe
2960	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1704	chrome.exe
1704	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2680	1704	chrome.exe	92
PID 1704 wrote to memory of 2680	1704	chrome.exe	92
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 1188	1704	chrome.exe	96
PID 1704 wrote to memory of 4004	1704	chrome.exe	97
PID 1704 wrote to memory of 4004	1704	chrome.exe	97
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98
PID 1704 wrote to memory of 2860	1704	chrome.exe	98

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\list.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdba2a9758,0x7ffdba2a9768,0x7ffdba2a9778
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1916,i,13421477347953721344,7272821290643117542,131072 /prefetch:2
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1916,i,13421477347953721344,7272821290643117542,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1916,i,13421477347953721344,7272821290643117542,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1916,i,13421477347953721344,7272821290643117542,131072 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1916,i,13421477347953721344,7272821290643117542,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2392 --field-trial-handle=1916,i,13421477347953721344,7272821290643117542,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1916,i,13421477347953721344,7272821290643117542,131072 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1916,i,13421477347953721344,7272821290643117542,131072 /prefetch:8
  2⤵
  PID:4984

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4120 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
556B

MD5
420c05d3de69459914b82ec34bf4ca0c

SHA1
019f0338063039c28777f4f4c4394475b05da5bc

SHA256
82e14417e3e4ce0348ac1f2cdd01f9ed28b1657b4906031bbc38534aafaff544

SHA512
921587ad91e1695fcef79a3400bdbf3d9d46be714e45c1f49e932d2ce1496ccd1f2c573e28c3ac3be2def2c1a4924594ea4807b479f2e5a947a8e498371a6844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
956dc6033abefc725320692f5df9868f

SHA1
49dd7c0397b8fd12b26ee19b32a73763c8ad6d11

SHA256
c24ae9e48f519828f07653aebb2aff78dca3e12b26499a3c54f1a5399d9594ee

SHA512
8d0f514b84bdee480be0a7b0daf23dc885bbbdf933e47493ee44086c367f204466e7d2c8dc2f4e3f88d4f64a5379f71cc5fdff6b8b76cd2a6e57e322967aafdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
99c821c17ee3acf686bd04e12cc0120f

SHA1
6a1c80e04420e057109c7cbd9ae033f4550692ea

SHA256
48ca810d08ee4247ad50f3e6859b69dff8221a79ee48ffe82f5b8a90f64021d1

SHA512
5c476e44f39873a2a64d18fddb869addb4743a290482f4ce3bc226dee2b7db03e577c69ccf5b4e3e19132b94c2174e311f0704aeba1c4ca87f4bed8ef4a4683e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
01068bbd739c9f2ad06f69e9082b7436

SHA1
54c3b2afdbd9081e0ea660fd2f6e0afa13a1802b

SHA256
67692032d8d447206f91af3ddce53a9cb427b28e08ad15855af0a0d005ac2668

SHA512
e118f814a42916e66e605c96c11662833a9713f6bf2c8e2d8701cb55f54ab2b3cde62a9cddc1a1ab4ad28fb6582c3d85bf3e6fa1fca4c8b09564198e2458ba8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7b4389580e351b0e48d29dbcaf09942b

SHA1
41f3ce27618f014648b324fd5bb5af5f029f6d32

SHA256
b8db1d2c8d295c1658f43e1ee53e0e39d3c90895f247f7115fd8c4f1cb22b405

SHA512
bb0fc7b6d8ee63d92747aea8f348ab1c2f3153bd6b65eb692763cef9e61dce6284c91aa28ebc7f4451604111c8cac478468fd3e14a46f455009a3602b926fd34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
5d4f35f700ac0be34325ac0ea3084522

SHA1
6d24cf259d4616446ea4bdd847a7d6a2589e05a3

SHA256
3e747951932d747e9f37e6fc4bf9aefa402d2363c4c98839aad7680985441603

SHA512
b4a37748d254b74d05aee6d8f7f617902ed87ace9691017204c056ebc688c99892fbdc80d2bef81458637e9e88465da0363068dc1dc6f58842dc2a8f39cf6d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit