hxxps://impactnetworking036-my[.]sharepoint[.]com/personal/wroberts_impactnetworking_com/Access%20Requests/pendingreq[.]aspx?mbypass=1&ApproveAccessRequest=true&AccessRequestID=%7BC5331923%2D8765%2D4ED4%2DBAB1%2D0C870BEB448E%7D

Analysis

max time kernel
40s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://impactnetworking036-my.sharepoint.com/personal/wroberts_impactnetworking_com/Access%20Requests/pendingreq.aspx?mbypass=1&ApproveAccessRequest=true&AccessRequestID=%7BC5331923%2D8765%2D4ED4%2DBAB1%2D0C870BEB448E%7D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133576852434971539"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
664	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 2808	4040	chrome.exe	85
PID 4040 wrote to memory of 2808	4040	chrome.exe	85
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 3384	4040	chrome.exe	86
PID 4040 wrote to memory of 4736	4040	chrome.exe	87
PID 4040 wrote to memory of 4736	4040	chrome.exe	87
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88
PID 4040 wrote to memory of 552	4040	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://impactnetworking036-my.sharepoint.com/personal/wroberts_impactnetworking_com/Access%20Requests/pendingreq.aspx?mbypass=1&ApproveAccessRequest=true&AccessRequestID=%7BC5331923%2D8765%2D4ED4%2DBAB1%2D0C870BEB448E%7D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf8d2ab58,0x7ffcf8d2ab68,0x7ffcf8d2ab78
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1864,i,17188596066669131722,10597825100283891373,131072 /prefetch:2
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1864,i,17188596066669131722,10597825100283891373,131072 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2164 --field-trial-handle=1864,i,17188596066669131722,10597825100283891373,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1864,i,17188596066669131722,10597825100283891373,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1864,i,17188596066669131722,10597825100283891373,131072 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3556 --field-trial-handle=1864,i,17188596066669131722,10597825100283891373,131072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1864,i,17188596066669131722,10597825100283891373,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1864,i,17188596066669131722,10597825100283891373,131072 /prefetch:8
  2⤵
  PID:2628

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
b41d4d48dc427e6586fa0f1b83dd750d

SHA1
c4fe3c0b5e45eb5ce740ffbd86ad09d3f59fb196

SHA256
97597bcf5baa5cd9ebc643e8aef1ffdf1d4bc8c540d76bd2e11e2fb1de0da01e

SHA512
ed0f472a83685d752e0ff88dcf3f865bf06f1e0ff1895cc04088289137cf7ca7bb32f79e62c35576805e7f51ffd99b30058753241644d0f0e6c486e321897990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
99036bcf06287e818309029192d97f9d

SHA1
77c8e7999d29450841be428336cb630077b2982a

SHA256
349872d1104ebbdfca47e21e6765549b80ecb4f1ac3f71bd0a3777b13d83e8c3

SHA512
8466e815d74b1abef54ed350f8efc6567c9285e3149e647654ef48caa5a514cd17b77d55b0f4646a97cfa6d931e82e04f8ee07e846becfbad39d159ed80fa530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
01d5a327f509883f067f58a7d798b8d6

SHA1
a2088a20b1f4732ba7e249ea01a81802e92a74cb

SHA256
828f473b80a8a03d8e846b7df19231ac110f08988d5d3244039618fd0ac48e58

SHA512
24317b6d75621afe2b419a60f18857d645e6b1614c269a54b4b41961ebac4f0b9839fba7e0b6ae5b927e85d5e09ced6347c17a4dd76ce6ea443efd6d778c977b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
844414c969848ff06549ad2136a62d64

SHA1
28c541c3ff944a5d8fd156d48210a65c3ab9845e

SHA256
eeb6afd8f51f8e79d773dffb3840686b31b8ea4dd63935d9eda2437dea5ca409

SHA512
b4327b8b87b99edcdc353f4b9305e7b1726d14c186b3057509373e2386e7224c347d5b73589ad7015c3b3322db88d05055d5bb390d984f2e0fa8961ba1c499d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ed473ee90772da2e84ac22bd532dcccf

SHA1
6b2197da3295695f0825e619afef824264493648

SHA256
51b4587ca5b043bcc45a178085f1a47160ad4cdd103b423dc99f7c860708aaeb

SHA512
c5808be1870d0dd4e30cfc984ff13d79f38b82c372f923064750460bc60962e94fc096e8de92cc794691f89bb8241f7c79901cf19f70121f69a30c10f580c2a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
7d7a5ad4ab74e8e9089e145178c6dd7a

SHA1
055fd4b52aa7de10cc3dbcac7ee0258c7dfb14df

SHA256
79513c82547b4a061409a6f71386c3f9a11fb76f531cbe49fe935da265066556

SHA512
a0e7a7be393eafd5adf4a33e4a6ae7ea7cfc7e01feba73b62c26c90b5bca2b0190727592f22a92a2ee4836b17dae108920edf1323391874e8c516a53faaa4418

Download Submit