hxxp://slidesync[.]com/Grk9rDEvVp

Analysis

max time kernel
35s
max time network
33s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
08/04/2024, 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://slidesync.com/Grk9rDEvVp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133570430675993729"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 3124	4512	chrome.exe	73
PID 4512 wrote to memory of 3124	4512	chrome.exe	73
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4412	4512	chrome.exe	75
PID 4512 wrote to memory of 4504	4512	chrome.exe	76
PID 4512 wrote to memory of 4504	4512	chrome.exe	76
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77
PID 4512 wrote to memory of 2828	4512	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://slidesync.com/Grk9rDEvVp
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9ce089758,0x7ff9ce089768,0x7ff9ce089778
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1860,i,1245540591908098844,4258776396409730682,131072 /prefetch:2
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1860,i,1245540591908098844,4258776396409730682,131072 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1860,i,1245540591908098844,4258776396409730682,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2616 --field-trial-handle=1860,i,1245540591908098844,4258776396409730682,131072 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2624 --field-trial-handle=1860,i,1245540591908098844,4258776396409730682,131072 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4452 --field-trial-handle=1860,i,1245540591908098844,4258776396409730682,131072 /prefetch:1
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3040 --field-trial-handle=1860,i,1245540591908098844,4258776396409730682,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 --field-trial-handle=1860,i,1245540591908098844,4258776396409730682,131072 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1860,i,1245540591908098844,4258776396409730682,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 --field-trial-handle=1860,i,1245540591908098844,4258776396409730682,131072 /prefetch:8
  2⤵
  PID:2496

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
1ba10d39cbf1c5978cd14af7f2043038

SHA1
57e97cf5a3e83bef92569bc6c449711aeeee6345

SHA256
dd2a888565815a0ce9816b08118fb6d7f4ac93c1c5f4bd6394ee1349f6b590d3

SHA512
85e2f4b6076528f1e2bc1461794bb7e3dfec68a62e02dc3a5d715e56b5be775e0e15996fb6df5681cb97b9f44544b43e0f776d8d783741bc6e4a1e696d2d5b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5488f201a00c89dc4628dad4908078e6

SHA1
73729277b781997b56dbf4b427bf4790986f6de4

SHA256
8d7119419679d6bbed7f34fc77bab0e8ac06440d81acb9b97957c6a6484dcd19

SHA512
ba7ca0fdaa14b77de54834599cc56f8b44872df64b595148530e07c33debafd0d819104bfed389c4bbf475fe9dc852931cf4997af2ab5fa91e7ccd1e56f5145c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a9fc69e326e7113dbb8aa8e7d59403ce

SHA1
9ec38af0ae3e6b9fb954ced7c15b00793527cd32

SHA256
655b22501b30ccd895b3be7536961929db3d0a5448192fa35456a427fdfc9b83

SHA512
d97b13e2b01406b46a35444d6a4b2af8b0f01e72a2f003a3efd025d929cf971822f88aa4f010fa22a39231ac8d63d4274e834b87266477f9a41ed3cc8a315899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
a23339ecd833491b1321f45a7d390f81

SHA1
e281812308a6849d2b840fbc5bc81b7d6e32093e

SHA256
59c287bc07a288006f929e9ee12772d93793f87644edbf9ab73c0801d0d98839

SHA512
8518b8d2dd9c2da908c2a36320e9b1a690d71ed27df9b9132a58cb3882df0dd33a504cb567b7abb88231b30d819e27c3050bac99c7129d13f18554fd3f3e6a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
b115a0e864042500a6428c02b31f99e6

SHA1
185e02c469ceb4ab2029be68d965363068fbfe8d

SHA256
5acfd7dc007bfe1ec995b79eb39818db174c020776d30588bfddaeaef7c344a6

SHA512
85c3dcd2f0c5c3f65a04264c7a578f936262fcf6498727e6c3a27053d143d0911ef45e51696cc6935e540bd458b0dff0f6fc76049c4ad9095bf1944b2492dbad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit