Analysis

max time kernel: 149s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/04/2024, 02:22
Static task: static1
URLScan task: urlscan1

General

Malware Config

Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133564981574795037" | chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
5040 | chrome.exe
5040 | chrome.exe
3960 | chrome.exe
3960 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid | Process
5040 | chrome.exe
5040 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5040)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://na4.docusign.net/Signing/EmailStart.aspx?a=0ab99769-87fa-4b5d-a304-363087db99f1&acct=ca071203-7ee2-4d4f-ade4-f87381a69497&er=8e9b4cbf-0f75-40c9-a6b8-c66b946fc9c9
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4996)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff983be9758,0x7ff983be9768,0x7ff983be9778

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 404)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1880,i,16340175526677590546,2819626908886278830,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 548)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1880,i,16340175526677590546,2819626908886278830,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2344)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1844 --field-trial-handle=1880,i,16340175526677590546,2819626908886278830,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3824)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2808 --field-trial-handle=1880,i,16340175526677590546,2819626908886278830,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2736)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2816 --field-trial-handle=1880,i,16340175526677590546,2819626908886278830,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2088)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1880,i,16340175526677590546,2819626908886278830,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3892)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1880,i,16340175526677590546,2819626908886278830,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3960)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 --field-trial-handle=1880,i,16340175526677590546,2819626908886278830,131072 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4852)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads