hxxp://google[.]com

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22-04-2024 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133582839203743502"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
920	chrome.exe
920	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 708	4864	chrome.exe	85
PID 4864 wrote to memory of 708	4864	chrome.exe	85
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 3744	4864	chrome.exe	86
PID 4864 wrote to memory of 1156	4864	chrome.exe	87
PID 4864 wrote to memory of 1156	4864	chrome.exe	87
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88
PID 4864 wrote to memory of 3324	4864	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7a2aab58,0x7fff7a2aab68,0x7fff7a2aab78
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1928,i,5911726474330555464,16419728434520755511,131072 /prefetch:2
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1656 --field-trial-handle=1928,i,5911726474330555464,16419728434520755511,131072 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1928,i,5911726474330555464,16419728434520755511,131072 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1928,i,5911726474330555464,16419728434520755511,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1928,i,5911726474330555464,16419728434520755511,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1928,i,5911726474330555464,16419728434520755511,131072 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3276 --field-trial-handle=1928,i,5911726474330555464,16419728434520755511,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1928,i,5911726474330555464,16419728434520755511,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=984 --field-trial-handle=1928,i,5911726474330555464,16419728434520755511,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:920

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
5161c3516e21987306d4c9697dd3db0b

SHA1
48e517da5f84c4a740609934fd98e263f43ba74f

SHA256
fbc2c676af31c7789d2acfb2d271a91b8cb2a64139b145d36c8f49f17cfdb1df

SHA512
d052a5918285f58c51602f55fd218a03e21936e783b2e3ecf62f3285ca7bae8f19ab6a95837eb5a09e78e8222aa7fb06b481c80864fad438e96303d5f33e6549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
43b97225aa31cf473eb3d9522d098928

SHA1
fba51df6baf961bd9efbe515cb37bf450a92d926

SHA256
5fbaa54cf0fdccdc41bc923b4af6a5f7ad3691508c0c88303d45fe758213f414

SHA512
6eb59125c7bf21dce8d915c07765b1b327a38d0274118dfdc7e2e9d84c55c9a64fd495d7c6e52cc2d381fd3856d15e6c6f47d20d8a659494886e35a42816e922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f2e163b375182dc0030d4c6d01a23724

SHA1
b4ab0b633c4538e2c892c5d96569e70332939c58

SHA256
cabcf808e1f7fe1082471bbf40593eb1f898d9c3a14def501ce77d3f477663b5

SHA512
1d4808e91e4f22913c8969c51d7d383d08cbf024a30e22201840bb12287d8f4e6739783f09c26be7727f30a728c22864546fb2e0ec014f9ce116ce330afc6dd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
29a8fc91ccf11d71597e32043689c4ce

SHA1
05a7f01db25bdba8e4e8e0278084d6135952d5ea

SHA256
3c892c5dfdc8ccf039c55df6766fba47f357f9feae8d3b33f9dbc8dec395c082

SHA512
aa920fd772901270970cb416a2478f79adbcddd57f2a0f656d3f12454f585e0b17b9606cc2e3377519f4347b7efea63bf7be5735751c338524d63f6baee10cb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f12f67322c2c6eb576fc1c8824a7c504

SHA1
e58ac9dcfa4aa1f55e0bb36d5d2c36483ff64f53

SHA256
0927635af3e34fce408d58c52dc6bfbd07ef5b8b2a046c7bd960f501a9bd258e

SHA512
534a3b6cfb1cf4269d2297e2b32592908ada3677f64592def175a39efe6a5470acd56ee9bfb434d178c0a32d736dca1156f6032e61fc6e06e01a8813069bc517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
3f62d6029236f6357f44a82d2122066e

SHA1
5a25000e73a1e1059e09128d7fb2e70121174c52

SHA256
229bb97642b1350b67c7f662b2b77d8e3d0a028f30a586426683e829f873a798

SHA512
3a83cb8a0b3b279c8fe4279a5d99be3fcf9ee8d62946f2d4ac48269c3c0faf838ad22e4be98c59218cddaf06842d13aa1c465f242dcdf04c2eec8e936d45cad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7b113a3439f6810ccf4ddfd9485793ff

SHA1
1fd8b61615048dc1cdefa2a2152bf9b02edfbc1d

SHA256
b300f608bd321d27c8229d22ab564105db415a6b8685ae26b52b456b3de83309

SHA512
7f045fc8cba66f806ecee6c3cd2232ee71fbb6273f796a06f41eb6266f432b955ea95a05591e2b3c0db0b6781763ce55f6dd062dfa3b908c63eca46458584dfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
f999c9220e59caeb8dc35f0cffa5f5f6

SHA1
a64b015faa3baaf2d5c1e853ef48c7f7d1c898e5

SHA256
26f274ec616683bec324306d49d354f799f4ec197946efdddff6d68df362c361

SHA512
62c3210ae765be3d43524b5293f6649900fc257b0b4df03e9da0d679decdd560947ecb3c349864d784bc186977e605c69ad9a1f8c908a322530a921c6e0adeac

Download Submit