Analysis

max time kernel: 149s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/04/2024, 02:25
Static task: static1
URLScan task: urlscan1
General
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description         ioc                                                                                                           Process
  Key created         \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                         chrome.exe
  Set value (int)     \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133564983473413630"   chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid    Process
  3424   chrome.exe
  3424   chrome.exe
  3924   chrome.exe
  3924   chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid    Process
  3424   chrome.exe
  3424   chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                        pid    Process      count
  Token: SeShutdownPrivilege         3424   chrome.exe   x32
  Token: SeCreatePagefilePrivilege   3424   chrome.exe   x32
  (the 64 entries strictly alternate SeShutdownPrivilege / SeCreatePagefilePrivilege, all from PID 3424)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid    Process      count
  3424   chrome.exe   x26

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process      count
  3424   chrome.exe   x24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid    Process      procid_target   count
  PID 3424 wrote to memory of 2928   3424   chrome.exe   85              x2
  PID 3424 wrote to memory of 1320   3424   chrome.exe   89              repeated
  PID 3424 wrote to memory of 404    3424   chrome.exe   90              x2
  PID 3424 wrote to memory of 772    3424   chrome.exe   91              repeated
  (the 1320 and 772 rows together account for the remaining 60 of the 64 entries)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3424)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://NA4.docusign.net/Signing/Error.aspx?scope=3efa9ef7-0353-4949-83f9-aac7323fd6c4
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2928)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa4e29758,0x7fffa4e29768,0x7fffa4e29778

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1320)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1828,i,16836757850386872811,11893359813226078824,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 404)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1828,i,16836757850386872811,11893359813226078824,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 772)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1828,i,16836757850386872811,11893359813226078824,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1444)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1828,i,16836757850386872811,11893359813226078824,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4316)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1828,i,16836757850386872811,11893359813226078824,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4700)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1828,i,16836757850386872811,11893359813226078824,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2436)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1828,i,16836757850386872811,11893359813226078824,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3924)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1828,i,16836757850386872811,11893359813226078824,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 4560)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 96B
MD5:    70c1e701a6e5d1b907cc26b93ced879a
SHA1:   d66aa190eff76f0000ea2a4bcad196bba91fcffb
SHA256: da09dd321727de10364c4a51dc8d4a2046698fb172b4cfe167f74d00df5f4413
SHA512: 30ead38d0c1c17ff2b724856e98c1b7129eb81bf12268d7c25e4108cdf95ce8a4c0e0c838abcd2a266cd132be7de6085108d117e8fd6b3338b13463553053677

Filesize: 831B
MD5:    7ecb77973c8dd85ba44ad3ec24699d31
SHA1:   fad3f67bcdfdf45b14136d57e149fa6f8ad78a8d
SHA256: c0747401b17c7f742cc7d80716f64e77510eaa11254f70dda6db71b807859932
SHA512: baa953c6120e35f69939248b0777f8317d28f53e913bec83db24e4e798f2541c7a765e9b53ea1544c2e39801ca71f86bb893eca06cf756eee7cac51a959d12af

Filesize: 705B
MD5:    dc61eb3a1dfc682c55b22256bfc79fd8
SHA1:   e5a020d4a11f15e67548b21598da04dc4a052cdd
SHA256: 33946c452232452be6b075cc78b3af5d1cdfe3d550420d431e34ccf9159d093c
SHA512: 7e6059e639d959bf53f505eb50a651ebee8f79caca885188746eab69bdf39b9dc10442cd10ed6f42ba1e37b3c79e19931fdb2637ab5b4f8e16e55db3f698599d

Filesize: 6KB
MD5:    05479e65d8dd9712ecf3e3d284a99688
SHA1:   9b68baad0ba475f7bfe6c86634e629dd814ddce3
SHA256: 7f03f6ec30ab836abeb70431eec481493d5bb76444efc8d98f99713739a9c3a1
SHA512: 24974f9d9994c2e119f57867cb8f995a29609bd60c7700b6492837f26ca9d51fbbc2cededcd018a5fc455d0f47cbcd30e38d857eed11bd94ac31bc74f42398ce

Filesize: 128KB
MD5:    b05d6aa3db6b522105ec367b9c4493e1
SHA1:   3ff7ae5e9b8d9d150c79f465f899f391f79bbec6
SHA256: 1b9c9384c6bbd5148fad34f2d1f543618fc3a80c64e7473ae8fa34ffae434307
SHA512: d0309dcfd6413d157f4c6a4611f24f1560da650fedca275b13f3b4fad1edf2eca9b66ce304887457d6ac77a647b1d779577416f1199795c1a167f5af4725fe7d

Filesize: 2B
MD5:    99914b932bd37a50b983c5e7c90ae93b
SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd