8e1581aa2026a0bd025773020ce28825c5ff751bb2093f6a8cfce1be5c1df0a1

Analysis

max time kernel
1800s
max time network
1799s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

18KB
MD5

ddb173461c5e7147eec293a820c9c7b8
SHA1

0242500edfca59c9116fb4201058c64ab6eb2375
SHA256

8e1581aa2026a0bd025773020ce28825c5ff751bb2093f6a8cfce1be5c1df0a1
SHA512

2ba56506e81aa09eba41aaf5adeac8b74841e73b34ef16666863ad53973ef6df15a206d65653aadab5cbe7c094a37f36ffe4373722e943596f8d3cffcb0bed8c
SSDEEP

384:rFTFCRDpmReVoOs4Mi9ylKeGMOU8HhhbCAy7rS2LjMrSTpcVJCBXQL:rLEBVoOs4MmyI1MkBhb/U7MrSuJQQL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133586246900925631"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
368	chrome.exe
368	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 4080	4512	chrome.exe	92
PID 4512 wrote to memory of 4080	4512	chrome.exe	92
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 1236	4512	chrome.exe	94
PID 4512 wrote to memory of 4556	4512	chrome.exe	95
PID 4512 wrote to memory of 4556	4512	chrome.exe	95
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96
PID 4512 wrote to memory of 404	4512	chrome.exe	96

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa06949758,0x7ffa06949768,0x7ffa06949778
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1888,i,2454617657162997925,8004048289863863445,131072 /prefetch:2
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1888,i,2454617657162997925,8004048289863863445,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1888,i,2454617657162997925,8004048289863863445,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1888,i,2454617657162997925,8004048289863863445,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1888,i,2454617657162997925,8004048289863863445,131072 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1888,i,2454617657162997925,8004048289863863445,131072 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1888,i,2454617657162997925,8004048289863863445,131072 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2708 --field-trial-handle=1888,i,2454617657162997925,8004048289863863445,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:368

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:3580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3988 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:3432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\81612d72-99a8-4b33-bf2a-b3bc49cc52d6.tmp

Filesize
5KB

MD5
8797d6e016c351bee29b6eb5814874a7

SHA1
c7bcc0ed4aff400ad9c0c0491b841d8df5ec50df

SHA256
9de932c0ad3765ee1141022d53d5d83ad6150e2048f084b3dc7c38035b76ba2d

SHA512
578be8dca6ebac219009a160afd5f0670c44f92a6efdea773c0c78fe87d882ee3b7f19bfba1bccefd0f5a1038a67c3e55705b537d15def450fbc85ef2bbe1b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
135e7d075bb43e507934e1671c06f30d

SHA1
c5156978819512bf3dc0c533c894cf7ca3cd359d

SHA256
b9b583a138b1fdec3c0ef52bfac1d1fc73ffd1b47809825c66b35a7ac819075c

SHA512
0f0fbabc9f031ddb4513f206d237268c4b58e1b2c382a27611dbfa9d90a7fec1a1476b138847d047ef0b882eed72014d78fbd36ec325221fe7078007c95c2b73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8e3c23ee0b25a3217e13bf59f6c64db5

SHA1
80a542780322510bdc3a2fb9cc7947ec968c5936

SHA256
1d8b629dc2335e4acc59bf3430168f75585411f20b56f9c9a7cd58f7bf7377e1

SHA512
0daebaaed45a9e6a9671e078848f0efd29224a3000a787dd6a36ce268d4c93f3269d9cfb2ec03562f8004eeb49698a2283e67b4dc5f2ffcb56a272feaefaeca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
766312e5e206292e68461b8838dcfcf8

SHA1
dabbf4c4499543f7c73df6a64324745796a484a6

SHA256
f14ed3a822bbe52e626f229ef1ceab351c52548905eeac0a607aabd314547777

SHA512
b962c69ba4d5fbf5ebe934f9061fe99dd0c66b88b79ff0a2d8faf5d62d1ebde04b21c57efff3f95a50d366e3f1e232abd914b8076d09fe65eabea4ef6cec0b88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit