Analysis

max time kernel: 149s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17-04-2024 06:58

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://www.signetresearch.com/privacy.html
Resource: win10v2004-20240412-en

General

Target: http://www.signetresearch.com/privacy.html
Malware Config
Signatures

Every IoC in this section is attributed to chrome.exe: either PID 1228, the browser the task launched against the target URL, or one of its child processes. The Malware Config section is empty and no signature names the target site itself.

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs; S-1-5-19 is the LOCAL SERVICE account's hive)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578107310408899" (chrome.exe)
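The TraceTimeLast value is a Windows FILETIME (100-nanosecond ticks since 1601-01-01 UTC). The Python below is an added triage helper, not part of the sandbox report: it decodes the value and checks that it falls inside this task's analysis window. The submission time is the page's 17-04-2024 06:58 (minute precision) and the window length is the page's max kernel time of 149s; both are assumed to be UTC, which the page does not state.

```python
from datetime import datetime, timedelta, timezone

# Windows FILETIME counts 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000
# Seconds between the FILETIME epoch and the Unix epoch (1970-01-01).
FILETIME_TO_UNIX_OFFSET = 11_644_473_600

# Value taken from the TraceTimeLast IoC on this page.
TRACE_TIME_LAST = 133578107310408899
# Submission time from the page header; the page gives no zone, so UTC is assumed.
SUBMITTED = datetime(2024, 4, 17, 6, 58, tzinfo=timezone.utc)
# "max time kernel" from the page header.
MAX_KERNEL_SECONDS = 149


def filetime_to_datetime(ticks: int) -> datetime:
    """Decode a FILETIME tick count into an aware UTC datetime (sub-microsecond ticks dropped)."""
    if ticks < 0:
        raise ValueError("FILETIME ticks cannot be negative")
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def filetime_to_unix(ticks: int) -> int:
    """Whole Unix seconds for a FILETIME tick count."""
    return ticks // TICKS_PER_SECOND - FILETIME_TO_UNIX_OFFSET


def within_analysis_window(ticks: int, submitted: datetime, max_seconds: int) -> bool:
    """True if the decoded timestamp lies between submission and the end of the run.

    The submission time is only minute-precise, so one minute of slack is
    allowed on either side of the window.
    """
    delta = (filetime_to_datetime(ticks) - submitted).total_seconds()
    return -60 <= delta <= max_seconds + 60


if __name__ == "__main__":
    when = filetime_to_datetime(TRACE_TIME_LAST)
    print(when.isoformat(), within_analysis_window(TRACE_TIME_LAST, SUBMITTED, MAX_KERNEL_SECONDS))
```

Decoded, the value is 2024-04-17 06:58:51 UTC, 51 seconds after the submission minute, so the write belongs to this run rather than being a value left in the image by an earlier boot.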
Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 1228 chrome.exe (2 entries)
- PID 4584 chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
- PID 1228 chrome.exe (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
- PID 1228 chrome.exe, alternating Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege (32 entries of each)

Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 1228 chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 1228 chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
All 64 entries are writes by PID 1228 chrome.exe into one of four target processes; each row below is repeated once per write, with targets 4068 and 5064 accounting for most of the entries.
- PID 1228 wrote to memory of 2416 (procid_target 86)
- PID 1228 wrote to memory of 4068 (procid_target 89)
- PID 1228 wrote to memory of 4952 (procid_target 90)
- PID 1228 wrote to memory of 5064 (procid_target 91)
Processes

PID 1228 (top level)
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.signetresearch.com/privacy.html
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

PID 2416 (child of 1228)
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2b9bab58,0x7ffe2b9bab68,0x7ffe2b9bab78

PID 4068 (child of 1228)
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1928,i,2623842442059649261,1626074330763551170,131072 /prefetch:2

PID 4952 (child of 1228)
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1928,i,2623842442059649261,1626074330763551170,131072 /prefetch:8

PID 5064 (child of 1228)
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1928,i,2623842442059649261,1626074330763551170,131072 /prefetch:8

PID 4484 (child of 1228)
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1928,i,2623842442059649261,1626074330763551170,131072 /prefetch:1

PID 816 (child of 1228)
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1928,i,2623842442059649261,1626074330763551170,131072 /prefetch:1

PID 1976 (child of 1228)
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4264 --field-trial-handle=1928,i,2623842442059649261,1626074330763551170,131072 /prefetch:1

PID 4088 (child of 1228)
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 --field-trial-handle=1928,i,2623842442059649261,1626074330763551170,131072 /prefetch:8

PID 4584 (child of 1228)
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2984 --field-trial-handle=1928,i,2623842442059649261,1626074330763551170,131072 /prefetch:8

PID 4584 (child of 1228; the PID was reused after the UtilWin process above exited)
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1928,i,2623842442059649261,1626074330763551170,131072 /prefetch:2
Signatures:
- Suspicious behavior: EnumeratesProcesses

PID 2400 (top level)
Image: C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
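Two checks are worth running on this tree before reading the WriteProcessMemory signature as suspicious. First, every write target should be a direct child of the writer, which is consistent with a parent setting up processes it has just created rather than injecting into an unrelated one. Second, PID 4584 is listed twice (a UtilWin utility process and, later, a relaunched GPU process with the sandbox and GL disabled), so any IoC keyed only on that PID, such as the EnumeratesProcesses entries, is ambiguous without a timestamp. The Python below is an added helper, not part of the report: its process list and WriteProcessMemory rows are transcribed from this page with repeated rows collapsed, and parent relationships are inferred from the report's depth markers.

```python
from collections import Counter, defaultdict

# Process list transcribed from this page as (pid, depth, type). Depth 1 is a
# top-level task process; depth 2 entries are children of the preceding
# depth-1 process. PID 4584 appears twice because the OS reused the PID.
PROCESSES = [
    (1228, 1, "browser"),
    (2416, 2, "crashpad-handler"),
    (4068, 2, "gpu-process"),
    (4952, 2, "utility:network.mojom.NetworkService"),
    (5064, 2, "utility:storage.mojom.StorageService"),
    (4484, 2, "renderer"),
    (816, 2, "renderer"),
    (1976, 2, "renderer"),
    (4088, 2, "utility:chrome.mojom.ProcessorMetrics"),
    (4584, 2, "utility:chrome.mojom.UtilWin"),
    (4584, 2, "gpu-process"),
    (2400, 1, "elevation_service"),
]

# Distinct WriteProcessMemory rows from the signature table as
# (writer_pid, target_pid, procid_target). The report repeats each row once
# per write; the repeats carry no extra information and are collapsed here.
WPM_ROWS = [(1228, 2416, 86), (1228, 4068, 89), (1228, 4952, 90), (1228, 5064, 91)]


def build_tree(processes):
    """Turn the depth-indented list into (pid, parent_pid, type) records."""
    records, stack = [], []
    for pid, depth, ptype in processes:
        del stack[depth - 1:]            # pop back to this entry's parent level
        parent = stack[-1] if stack else None
        records.append((pid, parent, ptype))
        stack.append(pid)
    return records


def reused_pids(records):
    """PIDs that occur more than once in the tree (PID reuse during the run)."""
    return {pid for pid, n in Counter(r[0] for r in records).items() if n > 1}


def check_writes(records, rows):
    """For each WPM target, record its process type(s) and whether it is a child of the writer."""
    children = defaultdict(set)
    types = defaultdict(list)
    for pid, parent, ptype in records:
        children[parent].add(pid)
        types[pid].append(ptype)
    findings = {}
    for writer, target, procid in rows:
        findings[target] = {
            "writer": writer,
            "procid": procid,
            "types": types.get(target, []),
            "is_child_of_writer": target in children[writer],
        }
    return findings


def unexplained_writes(findings):
    """Targets that are not children of their writer: the ones that need a closer look."""
    return sorted(t for t, f in findings.items() if not f["is_child_of_writer"])


if __name__ == "__main__":
    recs = build_tree(PROCESSES)
    print("reused PIDs:", reused_pids(recs))
    result = check_writes(recs, WPM_ROWS)
    for target, f in result.items():
        print(target, f)
    print("unexplained:", unexplained_writes(result))
```

For this page every write target is a direct child of PID 1228 and the only reused PID is 4584, so the signature reflects the browser populating its own child processes and the 4584 entries need the event timeline to decide which of the two processes they belong to.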
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 240B
MD5: eba22f524cbbc5cc37905f11b67f27ac
SHA1: 8059888225621ef6c61dccd45c6d25f4eaaab6c9
SHA256: d99bc5dcff7d38597f753a09a79c6cbaf7ee8e43eb02373e6383f48f5f48220b
SHA512: b5b2fbb6ff7219801f7f6fa2bd8f179a28909bad5bc27072bf5c35730c8e2b97582911d6d5a292201998cae93df002024c492cb0159da79b9509e1a44d760d30

Filesize: 2KB
MD5: 55b0ba91c9dbdbd3eac04310c01fa4e0
SHA1: 3711ecda78ad37e90a62659b67418c0157295c77
SHA256: d9791cf42d5bfa5218cd1720e4d2cd330286e084bc8deb008dbaa7ed377e9b30
SHA512: a047ae416fea80a74c05689b6bf7143c9ec8adcb24fac684b4b10173e0c1590007e512b84eb7376b87b2fa983a8cb6461b9b7bc3d9860a4fd4af38228272468b

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 858B
MD5: 538ae09aa9fa9fef1daae94b02756689
SHA1: 3376b55f436ac39053a0a4414ba97edf5cdf5447
SHA256: 3fc7fd91c7d95d7da5e31c682d980b8ac426f331635e868a64877a915a11a5e7
SHA512: 58992e2e57f6dab510f2b93aea2be9471667283246112e9a429cdb18a97a182559f5d660fda5b75f4d5856b0b41875c4d52d757c3b6fe6f1e32e302989500c09

Filesize: 7KB
MD5: 98cc813d9ea24bdeb573023f72393408
SHA1: f07cb3d943dd3432c27ec41a241ac56fd9be9ed6
SHA256: 43dd2e297a6fb9a65684e6befd23922fa7d8f930e7d32e1ee0a711cdd2876ef6
SHA512: e7145ef4e4b210ee2297544e29e755df8b16749e07525ef14f69ad34df570e3bde45790bc135e1dc2d6348242e43f7330ea128afa6d6b03c61f7244fe453af4c

Filesize: 250KB
MD5: 7abb18e28e84ca309bada4def4938e7f
SHA1: a3fd0e09d65ab612b6712c218c4f3d79e8009ff7
SHA256: 101407c81ffcea5a15e75be07e754abb5aa23c7a78bed722bb5914792ef96b59
SHA512: e7b20587c259d7b93650d523c817e82dbc558a18ac8ec577ccee3b9ba6e6a1b8f457f914ea1c8c7dd69fdb4662ef86e47dbfc9cc2dc186701bdf226bd38e47b2
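A 2-byte artifact can only be a fixed token, and a short list of candidates identifies it without the file itself. The Python below is an added check, not part of the report: it recomputes MD5, SHA1 and SHA256 over a few constructed two-byte candidates and returns the one whose digests all match the values listed for the 2B download. For this page the match is the empty JSON array `[]`, which is what the three reported digests encode; the candidate list is an assumption of this example and can be extended to other sizes.

```python
import hashlib

# Digests of the 2-byte download, copied from the Downloads section of this page.
REPORTED_2B = {
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
}

# Constructed guesses for what a 2-byte file written by a browser might hold.
CANDIDATES = {
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
    "CRLF": b"\r\n",
    "UTF-16 BOM": b"\xff\xfe",
}

ALGORITHMS = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}


def digests(data: bytes) -> dict:
    """Hex digests of the given bytes under every algorithm the report lists."""
    return {name: ctor(data).hexdigest() for name, ctor in ALGORITHMS.items()}


def identify(reported: dict, candidates: dict):
    """Return the label of the first candidate whose digests all match the report.

    Only algorithms present in both the report and ALGORITHMS are compared, so a
    report that lists SHA512 as well still matches on the three computed here.
    Returns None when no candidate matches every compared digest.
    """
    compared = [name for name in reported if name in ALGORITHMS]
    if not compared:
        raise ValueError("no comparable digest in the reported set")
    for label, blob in candidates.items():
        computed = digests(blob)
        if all(computed[name] == reported[name].lower() for name in compared):
            return label
    return None


if __name__ == "__main__":
    print(identify(REPORTED_2B, CANDIDATES))
```

Matching on all three algorithms rather than MD5 alone keeps a single hash collision from producing a false identification; the remaining downloads on this page are larger profile files and are not candidates for this kind of table lookup.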