Resubmissions
10-04-2024 12:56  240410-p6qpgagd79  1
10-04-2024 12:39  240410-pv43qaba8s  7
08-04-2024 16:21  240408-ttseradf78  1
06-04-2024 08:39  240406-kkr8ysfc55  6
06-04-2024 08:14  240406-j4467aeb4x  10
06-04-2024 08:05  240406-jyx6paeg54  8

Analysis
max time kernel: 1800s
max time network: 1685s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-04-2024 16:21

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://bing.com
Resource: win10v2004-20240226-en

General
Target: https://bing.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
  description      ioc                                                                                                         process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                       chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133570679929245217"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: chrome.exe, chrome.exe
  pid   process
  2556  chrome.exe
  2556  chrome.exe
  3348  chrome.exe
  3348  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
Processes: chrome.exe
  pid   process
  2556  chrome.exe
  2556  chrome.exe
  2556  chrome.exe
  2556  chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
  description                       pid   process     entries
  Token: SeShutdownPrivilege        2556  chrome.exe  32
  Token: SeCreatePagefilePrivilege  2556  chrome.exe  32
  (identical rows collapsed; the report lists the two tokens alternating, 64 entries in total)

Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: chrome.exe
  pid   process     entries
  2556  chrome.exe  26
  (identical rows collapsed)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes: chrome.exe
  pid   process     entries
  2556  chrome.exe  24
  (identical rows collapsed)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
  description                       pid   process     target process
  PID 2556 wrote to memory of 464   2556  chrome.exe  chrome.exe
  PID 2556 wrote to memory of 4596  2556  chrome.exe  chrome.exe
  PID 2556 wrote to memory of 4972  2556  chrome.exe  chrome.exe
  PID 2556 wrote to memory of 3744  2556  chrome.exe  chrome.exe
  (identical rows collapsed; 64 entries in total, in the order 464, 4596, 4972, 3744)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2556)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bing.com
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 464)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc51e9758,0x7ffdc51e9768,0x7ffdc51e9778

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4596)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1932,i,15673293466181684968,4950851727000174257,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4972)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1932,i,15673293466181684968,4950851727000174257,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3744)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1932,i,15673293466181684968,4950851727000174257,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2236)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1932,i,15673293466181684968,4950851727000174257,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4956)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1932,i,15673293466181684968,4950851727000174257,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4312)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1932,i,15673293466181684968,4950851727000174257,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2120)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4760 --field-trial-handle=1932,i,15673293466181684968,4950851727000174257,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2316)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1932,i,15673293466181684968,4950851727000174257,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 740)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1932,i,15673293466181684968,4950851727000174257,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3348)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2672 --field-trial-handle=1932,i,15673293466181684968,4950851727000174257,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 4896)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads