hxxp://url[.]zip

Analysis

max time kernel
299s
max time network
274s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://url.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133572347369180733"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe
2844	chrome.exe
2844	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 5040	4788	chrome.exe	85
PID 4788 wrote to memory of 5040	4788	chrome.exe	85
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 2400	4788	chrome.exe	87
PID 4788 wrote to memory of 1508	4788	chrome.exe	88
PID 4788 wrote to memory of 1508	4788	chrome.exe	88
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89
PID 4788 wrote to memory of 1636	4788	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://url.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee20e9758,0x7ffee20e9768,0x7ffee20e9778
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1784,i,2504534924791111691,11658405886900812848,131072 /prefetch:2
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1784,i,2504534924791111691,11658405886900812848,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1784,i,2504534924791111691,11658405886900812848,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2840 --field-trial-handle=1784,i,2504534924791111691,11658405886900812848,131072 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2848 --field-trial-handle=1784,i,2504534924791111691,11658405886900812848,131072 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4600 --field-trial-handle=1784,i,2504534924791111691,11658405886900812848,131072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1784,i,2504534924791111691,11658405886900812848,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1784,i,2504534924791111691,11658405886900812848,131072 /prefetch:8
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=828 --field-trial-handle=1784,i,2504534924791111691,11658405886900812848,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
a839f836983d4b8d769caf5e76bda3c2

SHA1
2ca8e54659f6d6c4a0e1f7a9673d525d188d1e09

SHA256
0144b6e67794ff6d248051579e0386c775fcb196ac31a9db618a1f10af5463e1

SHA512
aac10cdda3ae9dbc3c8ddbef95440eb8b3367be7a83e284e7dac4cd655ad3591c1d2edb9af769a6ac837784c81548f04dd3bb8c14af17c254c2208acc0a59956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
439e98f2dda36a28e801dafb87686cd8

SHA1
5b975b4fa69ed63b2d60c545898fd30288eac7e2

SHA256
45889489e0fbe1871db4ffd6454fe996fba6487b0ac8bc7aed7d4d5d25682a30

SHA512
b2dcb597d8c49e90f7d5da9c9ea521f4a5a3fdf03895524d7b5180a3adf7141fefa68366ee82598f0d414e96c1617250c606bea75344e2880ebbbc423d5ab246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
58b86419a154c6ea3282293ea8f5a31b

SHA1
643631d12548ceb10a452af0ccf65296b2b6df14

SHA256
aa5921338da95f7583d31916a35387aa93f859c06ba70effdcd74f2c4135fe1e

SHA512
c35d6cb71efcb3ee8ce916b3beac097828f4bf27684c3d9466e6f41fc3ca55394657230e567f21caf77d9114272f8c5a26f1c6d8e3bc4cf482c57ee05ce560b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
73af50d82b3294a426c3319ecc5640e1

SHA1
bea2fa38789600ac58267648890ec333ca76425c

SHA256
741843d031891ffeb4df27c040fe4c72a6b73cc83621e631312f3475e97acb30

SHA512
969b4ed55d98139cf52655725659cd98cccce715b98448cde6c2bb860bea093ae15b1e50c18d0de69a69ea6ccad63d4523f2393983c8ef9e6aac949e445dffbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
55513ad4a96864675e6e16d5120e96db

SHA1
f1cb61e45f36cb806bff1e2b13caeb848726a46b

SHA256
a950c1723b40a5c4b32638adfcb0501b60f26748d3a6ccfa0719c4cffc9816d0

SHA512
d6ee67517ea7df6f5267f7302402b950ec563ecd0aa371b31f0fe95042cd20af4458ff089c23f6a764f9825d3891fc89875b4692535ee984769ab69205dfe58b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1d3565799fe9c853d5dbf5e232aa59d0

SHA1
2a188bcce00350820aaecd04e2fdf19aea51d821

SHA256
1719f5832146ad2a07274d69fecf0141314b3f6eaf3b7d4cd525a8a9528c1918

SHA512
b7555cdb2126df64008f20ca3433ab685c7149a6801fca11c2834948b560d911793b5006be79276135f92f264e94f80eac085f8ec7ab0ae76b031cc6fc2ad72f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
b3d4e646721f9d893fa95e62abe43db7

SHA1
a7434f126710fd2d29586d26bc8aa2bc10664d68

SHA256
b473572897c3464e8a68f1c70979a9fa30e21f7f771f10a411945ae91c067882

SHA512
ffb856e4104b1030087bc83e8f568eba4d3807c3ddde1e983552bd3436de4b18669b3e765faffd209697b7e8356eae5c83b7ee82973c5eaef748cdf00c4ea11c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit