hxxp://google[.]com

Analysis

max time kernel
599s
max time network
599s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2024, 16:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585375866504963"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
756	chrome.exe
756	chrome.exe
1852	chrome.exe
1852	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
756	chrome.exe
756	chrome.exe
756	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 2336	756	chrome.exe	85
PID 756 wrote to memory of 2336	756	chrome.exe	85
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 2252	756	chrome.exe	86
PID 756 wrote to memory of 1568	756	chrome.exe	87
PID 756 wrote to memory of 1568	756	chrome.exe	87
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88
PID 756 wrote to memory of 2768	756	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5ea9ab58,0x7ffe5ea9ab68,0x7ffe5ea9ab78
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1900,i,1102350822245069904,4422967738095522445,131072 /prefetch:2
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1900,i,1102350822245069904,4422967738095522445,131072 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1900,i,1102350822245069904,4422967738095522445,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1900,i,1102350822245069904,4422967738095522445,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1900,i,1102350822245069904,4422967738095522445,131072 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=1900,i,1102350822245069904,4422967738095522445,131072 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1900,i,1102350822245069904,4422967738095522445,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1900,i,1102350822245069904,4422967738095522445,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1900,i,1102350822245069904,4422967738095522445,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1852

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1400

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4840

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:1372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d1cb62157b9d54d7ae0a39a21d5cf612

SHA1
1167f1894d5963e0de2875aff6c895a286b10551

SHA256
346ad3f8f128f162cccc84d2de92576551f1607192b48b34cf12e0a9a45ab128

SHA512
c2e33867a4af1bf49d825ca0ab36f8fb4248e4cb71f83102c633b1853c5094fb06c9ba3ec5a6fd27d85d932dcc2f5cb1b6f0b95e92eec797219f9a7be5b8562e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2b3cd06b06dec8b9a5080be150ac0d7d

SHA1
24d7908d86760050ecedf23f4e026f7e36635881

SHA256
703702370c49b3c35d5f0f9bd7b41a07d3a3237fc3555375d72b52a2d5937e4d

SHA512
1d6561815e93fa21cced19de4ad94d37a7578f0435b2b64618b4208814427088c8f53234e9032a1c308f85096f8e018d7fa505f901c7293249dff41a3d58246b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4c3a73f958d6b7323a5be63a84140b22

SHA1
566c4de0e2e03d74c17fc896cd8ed26e0f46b97b

SHA256
69886186eba4d286d9088dfd49d5f143aa7c11c98e3f1ce1094be3df644cf0b6

SHA512
aaca5c79ca459bc9a8ca8f686c31861719ec46fba63003b5f05f35f03a8d87cd9038910126d6b52fa65b82a12c0ddcdef2ef8e20b87950be0fde3e2f851fcde6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e6a9b581d8e11bfbeb33ee172e9e356e

SHA1
3ba1e4531f072af7ff4470763f339e89fe0ddf02

SHA256
fc758f77b64a7671201b05799b3adf8067612eab85a29908d558891b1ba6bd07

SHA512
d7f45c9bcceff720cc1062cd7e21207e4bd1f56cbcbe7bb544daad78a9bf2aac5caa7022ae1e154b3a63df4a5880795c40f06c2810b6194637ed5e22314622b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a3ef14b79d04706ed4272d55caedbdf1

SHA1
efb2d40607dc58c720573a19598f9f48377960e1

SHA256
7a1b8553f8460ad8ece48e5c22970e75df07ffec77cdacc18f80dadaaa5b3b21

SHA512
4e73c30a6e446ef2597d6facebe41bb5bd9f79163acd1761bdda91693ffd01ca2bb13637d8385fe1bfa91ddb0b87c7c75bda29e371751b0d0af49d569f2bfc7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b4912931095b22bc873b6b163e0e2e2e

SHA1
487ce907b761d9280cf29660bb655466339dbb34

SHA256
8fc62a31601137b657c755a2eb836a581d5f36c60bf4c81f0d2db646a97bb4c2

SHA512
c3cc15d1008974580545c0a1cdd1d6ffdb13d7965afc234f25d6673eb6a4551a3bca1da154817da95256e117e938365b7909f540e6eccc25637bab7f41dccc07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
75d8edfb4b46a0dc9bfeb6f44f727589

SHA1
40f2615122e9c251e11437077d40823d8e453e74

SHA256
502949d5fa4b43597826b92b74bb6ada2d9ee8932e88d25e6aba225004845ca2

SHA512
c030631625a80854ebea504a3f047c34862e7971c4ad944951ddbfe60b856981eb5ef9787be79c5d4a9d490056425910f8caa7c27fe99258254fe4ceb70f1061

Download Submit
memory/1372-104-0x00000222E3EB0000-0x00000222E3EC0000-memory.dmp

Filesize
64KB

Download
memory/1372-120-0x00000222E3FB0000-0x00000222E3FC0000-memory.dmp

Filesize
64KB

Download
memory/1372-136-0x00000222EC320000-0x00000222EC321000-memory.dmp

Filesize
4KB

Download
memory/1372-138-0x00000222EC350000-0x00000222EC351000-memory.dmp

Filesize
4KB

Download
memory/1372-139-0x00000222EC350000-0x00000222EC351000-memory.dmp

Filesize
4KB

Download
memory/1372-140-0x00000222EC480000-0x00000222EC481000-memory.dmp

Filesize
4KB

Download