cb47ea2874f62051e1191d431ac04dd1c0d42f8c4d1bc84fad88fb6606a2e51a

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2RtM7Q4YDGhxPSDp08_L1ZsaEasVSWdRNwCt6LBkbCOjOFp3LjgGgZsk-7WpGa1nAjXunZ3KNRyNkaCV5vL5soLa4qdz7hYd9VwU.html
Size

4KB
MD5

3f42321a61e2fdaa39e1e786a3f897a1
SHA1

de9814b73bbd05f4f04d2be88b7f336576a58ee9
SHA256

cb47ea2874f62051e1191d431ac04dd1c0d42f8c4d1bc84fad88fb6606a2e51a
SHA512

42a922c7c74fb12c08b8c9cfe798a10b1c25273b72e1dcea9265a84307c52db1cfd08bb0646a4ddb0b41375e419f30611a32dfecf1d3807b9f2ab94489877f49
SSDEEP

48:3/M5PtnNiNLdvz6t+V4KTXP+7ABLQ+7umG27mUDwQdR2UaNuGfwxEhsHaTutj6eB:PM5Ptuvd1WPmGIJEwahsAejceVKa8g

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133572896520757138"	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
688	chrome.exe
688	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1880	chrome.exe
1880	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 4452	1880	chrome.exe	83
PID 1880 wrote to memory of 4452	1880	chrome.exe	83
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 1216	1880	chrome.exe	85
PID 1880 wrote to memory of 4472	1880	chrome.exe	86
PID 1880 wrote to memory of 4472	1880	chrome.exe	86
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87
PID 1880 wrote to memory of 4776	1880	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\2RtM7Q4YDGhxPSDp08_L1ZsaEasVSWdRNwCt6LBkbCOjOFp3LjgGgZsk-7WpGa1nAjXunZ3KNRyNkaCV5vL5soLa4qdz7hYd9VwU.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb0d19758,0x7fffb0d19768,0x7fffb0d19778
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1864,i,525706640307690102,4314528797149087811,131072 /prefetch:2
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1864,i,525706640307690102,4314528797149087811,131072 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1864,i,525706640307690102,4314528797149087811,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1864,i,525706640307690102,4314528797149087811,131072 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1864,i,525706640307690102,4314528797149087811,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1864,i,525706640307690102,4314528797149087811,131072 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1864,i,525706640307690102,4314528797149087811,131072 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3232 --field-trial-handle=1864,i,525706640307690102,4314528797149087811,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:688

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
28609460168ed3c33129daec1d5fba70

SHA1
c9c1dcb9503b12a19acff3cd857efc6c56faea5a

SHA256
ed93db71fb1bfcdcfc4b6e39e590852468988472c3206874589095969f57eb02

SHA512
a3c58f5dcd9ece060e03fc0470cc51c2150454614dc22e4e64b827668862bde708d13ea7b7c9875594a69d52a933c762329f88d0d4c9c2d95ad5af6691ea94dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
db403eb19e21d496973de79c74c72dde

SHA1
d129fc270cd66cfae722bfd8553f93dcb4b05c8f

SHA256
b7b8b1affd670ef99ded00786d290b77a68d6b88ee1e033275059418ce74fc2a

SHA512
bce23f2d9a4862f26e6c03704e0c0983f4fadb8bfabb98d10de6ff24fcf56bc6a21d704d51c22bc41064d4f61f2a3eeef43eb388ac0c14bfd3debce2d3cea298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
677c168fa1eb2712ac0eb28b0b0f6ec6

SHA1
29b6fe3427412c9eff246e35b6acf772e98f7212

SHA256
a2c2a975c4546294c0bbbace2e6e9e5ec5197960c3f55036020624a52bf56bfc

SHA512
ee6b44bd3b915bc7acf1473a02cb5441b72822de40da58c6346838cd74764dcde594a23ef552361e0ffd0ea3c2eb5c485995cba6f203b814c511edc5c754ca0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df48b92107abaef05fabd8053650b6bf

SHA1
53385f80ee3333c8d13fea7b5981eedbc11636b1

SHA256
5da4e7ad6f85a80385b73b96a2f59425a98f175132b18e3336a4e3766f0a28ec

SHA512
7fb396094f5fa5c9da4c598bb538809c1b34d75b904d1602501bd83754bf5a3635fe001a76a7264e1b6d1a1e739542514ded853f31c6fbad02a02d3634e1ecda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
112677bfbff945e0b4cd0397a7a15d83

SHA1
3ff2de6c9d93d359b8d5323794d32b19105612f2

SHA256
c8122dee544f927d7515ac9ab83c99b102e27426f7d33a5e17d8cc775c3f2e66

SHA512
13db01bae0176f9733a6cc707fbdb70c01880a4c02b7c45668f79b16b0a2c2565c3608cf6b22e211056b5bef2b5eb3d0e9bf5463e7dcef9230379ea66d12869d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit