e4c75918ec155c619679681e2144ae3d487d3c6f00e8eae71052babdb38301ba

Analysis

max time kernel
405s
max time network
369s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1-nN2yNW1j6LMo1bs8wFaVkZ6f-UDqPzz.html
Size

282KB
MD5

ba2006aed05a3a2151b014a0ce9a8334
SHA1

d2f1f788340ea2697b03cbaa5ecae2058f5fd2de
SHA256

e4c75918ec155c619679681e2144ae3d487d3c6f00e8eae71052babdb38301ba
SHA512

59788982bac4706ad4a4055709c38295ec1857ba3730e9e4f0d6a7edcdedec5e83f44f3550e8bbe9fff8fdff3cb7c13e04901191419b927d4c4a5aef19911429
SSDEEP

3072:r9nrSHewGfY3rUAKfoOXO/8Ylbi/J79MCf4M3jbAn+paTwTI:huHes3rmR+UT3A+pkwTI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133576671282074404"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
4080	chrome.exe
4080	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 872	3448	chrome.exe	84
PID 3448 wrote to memory of 872	3448	chrome.exe	84
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 1620	3448	chrome.exe	85
PID 3448 wrote to memory of 2992	3448	chrome.exe	86
PID 3448 wrote to memory of 2992	3448	chrome.exe	86
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87
PID 3448 wrote to memory of 1460	3448	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\1-nN2yNW1j6LMo1bs8wFaVkZ6f-UDqPzz.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff813dcab58,0x7ff813dcab68,0x7ff813dcab78
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1900,i,3937510689869778793,17624287195991198804,131072 /prefetch:2
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1900,i,3937510689869778793,17624287195991198804,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1900,i,3937510689869778793,17624287195991198804,131072 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1900,i,3937510689869778793,17624287195991198804,131072 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1900,i,3937510689869778793,17624287195991198804,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1900,i,3937510689869778793,17624287195991198804,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1900,i,3937510689869778793,17624287195991198804,131072 /prefetch:8
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1900,i,3937510689869778793,17624287195991198804,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4a582d7e-3fd1-401c-8555-3c1f867e97d1.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f0fc1ee0772a414526a202b8afed8d3a

SHA1
be2d75ee7553175fc133474177c1990d3e6df17f

SHA256
1ddab32da6d8b7ca154b6523a7c6c969dde57497f4e50da75f69e6ac696c7bc9

SHA512
64664443dd385395504e40a83155e0e23eefe52cda1b946efabd69d548b30f9502cc05ab66419660c1df1148593c4f4b989fc0d9840e8e9e25a280845359b90b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0e80d75b2e9b7011ba1e3a268145140b

SHA1
450eb531e3197f5878c1786fff2ffdbe12a5dfc0

SHA256
1c6df30024cb41418d8fa44b5e5b57ec55fb2b4d564e54702e0afa7dd912d8af

SHA512
a19ac047741c4eeb3b1f346d95a8f9a0f692ab064bd59b41cbc4afa6ed1c93e6c4fff55c5f7d19991fb80b0ff8c4ee28720ad1ef5a76c105a36a4792b5c2bfe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6d4767f7cc591c924a7b675d740054b7

SHA1
44d28c06078be18a51493036d6ed122efabfd32b

SHA256
860250b9c054280a8735e9875bdeb6bdeb9396e9936148f5ad13eb06dea89d8c

SHA512
f72586b20c19de951314f323a23441c90b345b3d516e9b75b8e6ce44809744592b5e204eba858725f15423cc1aaf641a0f8cef2c07ee72905e194b2b6d783455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c4a78bee965d6905837f1ed2f441ba99

SHA1
c7153b631a46e2c5d9b5cd88be4ef8d2fd08f616

SHA256
c40fb08e1a195006c2d5f7359cd0694bcc2eb31d34426ac76315db9b3e1b5bb6

SHA512
7fe6698477178a56ae027ab3334a9d01051e6a845a2f3e4f4e5adc658c0f0c5c2c4546173643b9de612f63e8d7fa2a20a49696860fc7c3bc4bfbeb9c11020e79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
befbf986d10e830da21babb0f5ca3312

SHA1
d0f93cf97b4d90997f7ecab5cc54dcdcda08a095

SHA256
cb7f6e158b292641cb008b846dd7c43b4e95fab7fe7d89e84a15a3f77e496282

SHA512
27b30109c13f871fe4620083136a60710b0a8f9f0dbbf36382def0ffdb22923e694a7f513e35aeaa529180aebd0345f02a7ff2f1a0b7ace459478966d4a5d126

Download Submit