Analysis

max time kernel: 133s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/04/2024, 02:23
Static task: static1
URLScan task: urlscan1

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133564981974052820" (chrome.exe)

Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 3680 chrome.exe (2 entries)
- PID 4852 chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- PID 3680 chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
All 64 entries belong to PID 3680 chrome.exe and alternate between the two tokens below:
- Token: SeShutdownPrivilege, PID 3680 chrome.exe
- Token: SeCreatePagefilePrivilege, PID 3680 chrome.exe

Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 3680 chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 3680 chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
All 64 entries have source PID 3680 chrome.exe; the distinct target processes are:
- PID 3680 wrote to memory of 2844, procid_target 86 (2 entries)
- PID 3680 wrote to memory of 264, procid_target 89 (repeated entries)
- PID 3680 wrote to memory of 212, procid_target 90 (2 entries)
- PID 3680 wrote to memory of 1020, procid_target 91 (repeated entries)
Processes

Process tree (child processes are indented under their parent):

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3680)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://na4.docusign.net/Signing/EmailStart.aspx?a=0ab99769-87fa-4b5d-a304-363087db99f1&acct=ca071203-7ee2-4d4f-ade4-f87381a69497&er=8e9b4cbf-0f75-40c9-a6b8-c66b946fc9c9
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2844)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffd3ba69758,0x7ffd3ba69768,0x7ffd3ba69778

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 264)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1972,i,16049101386667418059,4577339364155772939,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 212)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1972,i,16049101386667418059,4577339364155772939,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1020)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1972,i,16049101386667418059,4577339364155772939,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2240)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1972,i,16049101386667418059,4577339364155772939,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2444)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1972,i,16049101386667418059,4577339364155772939,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2208)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1972,i,16049101386667418059,4577339364155772939,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2180)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1972,i,16049101386667418059,4577339364155772939,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4852)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2348 --field-trial-handle=1972,i,16049101386667418059,4577339364155772939,131072 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 808)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
MITRE ATT&CK Enterprise v15
Downloads