c11557704e71480126e64a9351feb4f2e4584815236c31cfc9eae646754fd038

Analysis

max time kernel
94s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

177KB
MD5

90576f5444c2645472e2a9bad349719e
SHA1

71303217db70988001c6b00f06325d9fded87846
SHA256

c11557704e71480126e64a9351feb4f2e4584815236c31cfc9eae646754fd038
SHA512

88b2622e04d508f6c6c7f6704a07d799ec8bf5b19c341bcad29e57362bca208056d4b7e0324bd24d24498ab117d912e11c7f2ff2bdaf6429ef98a010fcfd57f5
SSDEEP

768:zWTRUj/rPAZDxMsualiXVWWxVB2/ON+/2oIJUvzmC68aOvAj2RbHQmmdWErm6We6:z9j/rPAZlbusv/ZWaihYJg91cQeb/

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\SRU\SRU.log	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.dat	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.jfm	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.chk	svchost.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587096168227529"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1168	chrome.exe
1168	chrome.exe
5636	sdiagnhost.exe
5636	sdiagnhost.exe
6044	svchost.exe
6044	svchost.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe
Token: SeShutdownPrivilege	1168	chrome.exe
Token: SeCreatePagefilePrivilege	1168	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
400	msdt.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe
1168	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 2180	1168	chrome.exe	83
PID 1168 wrote to memory of 2180	1168	chrome.exe	83
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 372	1168	chrome.exe	84
PID 1168 wrote to memory of 640	1168	chrome.exe	85
PID 1168 wrote to memory of 640	1168	chrome.exe	85
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86
PID 1168 wrote to memory of 3692	1168	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffefc93cc40,0x7ffefc93cc4c,0x7ffefc93cc58
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1980 /prefetch:3
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4848,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4012,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3432,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5068,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3264,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3420,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3216,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5416,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3852,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=208 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3292,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5468,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3236,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3424,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1604
- C:\Windows\system32\msdt.exe
  -modal "197132" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF5FEE.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=724,i,4414443816023063167,12130369693207199017,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5972

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4340

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1048

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5636
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:5860
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:4884

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:6044

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
1⤵
PID:6072

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
1⤵
PID:6100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024042716.000\NetworkDiagnostics.debugreport.xml

Filesize
71KB

MD5
924eaa95d12b4d20a566bccd5dc8f101

SHA1
311680ec43a5a6ccfc55808aecc539b54a47b8d3

SHA256
02916b1baef627fd804719913bffd3785021c6368af0070ccf4dcc1269414b8f

SHA512
dc6c749dacea4f2feb10c407517e74082c9c6c6cd59a9fb4ebbaa3e52634fb42fd8eda3603b3415414af9edc28ef2635c356a4922a674f72bd0863fb520f2521

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024042716.000\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b98a05266af328bba8496cc824d81220

SHA1
92b47c42de6d7833967aa22ff87a0a9b115987c1

SHA256
9eda977c75d8de5b12feca4cba05ffd66b4fe1c1792d9c1d202bad3ebf3f19cf

SHA512
06a1cb1d2dc05810fe4c7d40f76608decdefa844943c28166f980e77718f1730d80822c0cc7a24e5cb188f143ab606bfe83962dcd1a712be56dbee112163f5f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a194d177ccde5c31a6eea2aa8f6f8683

SHA1
1b604c8c98177d9f8c07f57c8768b67cd93c3d7b

SHA256
aa2549ec6cff0d5f5c94bb38cad1ed7f6351c66ffb6e0d531771e00093488cf6

SHA512
e36119b29f6586fa2a444de1af689fecc8a71591efe41e8bef0f36880ebb92d97a2547068e751071d6b066b52cb361cfd15422fbb0d77ac3dc9505a962f7adf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ddf7e999f5b2f70726e7512d5cd7488

SHA1
1fc591a28fe91b310eb3919705ed9721717f9a47

SHA256
6b2b150fba6aee79ce1deff56923c656a61f2a336cb2971487c3216ddeaf645d

SHA512
d8d5ec51dc9cc38ca6a61e6b72462492928dc75425f83af6f749c0c48ae54088ae0a2878bf0a5872a13514591c3bdd4bb817e9fce3f533bd74a54d42e0e10648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ded0959477c8e215e8e729c266e2334e

SHA1
985e6e5b8853f01d36a2e84218f2755ccad2f0a6

SHA256
aa8e5c042e739d90cb0756edb9423d185f506762af46df28519c8e4d3707f96c

SHA512
9e96babd5942f1e66c01730f1b7eb9b08637b5fab422a298d0d0b5e4a8f310f394b782327f627a2c4360446cb63518819d2df39485ca2885e20118652937053a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bbb2d3121377ddd5b2300568c3eaef7e

SHA1
a375e0e9f88c16b68186a5cddbe63c34c8bc4ea6

SHA256
fbb2f946b47bec90d3d94f547d0cb462fdd1ee441d64d2633683a701e4de4540

SHA512
afb0995a099016a3778c0c958fdb1beb918d2b748311dd5a6956e3838f1a8e08720343518db8d447970aab8ef1e72f90d8ecbcc6ca935d7adf0d702af480fb8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
388b83e84e132045ca6d9892a3ce6937

SHA1
afd2785220bbe0732b2de9fa70478416a7450a6e

SHA256
2bc488fd1a83fc0f17f2158a9e77d9049a03e8ff33bd6fe6db364f39fa8ea77a

SHA512
7cbbb7610ef023d46e14bbf2d47a9718f2595acdf7d151f1f1109ec40777caf7b5cd301516f10372910f7316b3f943928c4b3677c9fd45b9fed9205420b01271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c8d3705b7b4cbec90f937f95ba7d907a

SHA1
b64a133d4b9c557662e46ef96b7d4c716a46caf0

SHA256
c2716eca2a350e7aeea20ae003c15f0b7300d4fcc576767fd511736b0587e646

SHA512
7730dbd529a9cb314ea2e6566c2bb3889298d44e6aebd7c140ffdc8e0bd785d116614d44b0d33f8de3865f4d3ee71cfb47dff1487cda53b69f67781addedd7b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
eca71b2e60a64c9a2322bf080fce23bf

SHA1
30dce2a305f28fc393709b4b0c92de70566ac5e3

SHA256
3f6ecfff313342dc3587e392ef5cdf899f37e1785587e1be5f39cf97336c9860

SHA512
0275efd3256a2f0a0a004f518ba94622f098de433c50979459a13d583b27d90ba654b2ef72e66cba7b2f6b5708a5f1ec92fb288e5a91dd71bfaee3099cbf16da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
7c6682608f0c7471e3228a28d0d165a5

SHA1
65e23a302c0458d94f6df96a88348437ea89d401

SHA256
69fa5d9987574ab11e169dd7624e248d1e59cdf1a2d19dd2a73254fe3b8ba4e4

SHA512
4a67d3a87ebaded6a76d98f9e936166c1eb0c5421722eb1ad72aac9a313c90843a3763864153079640368bcba6ceee5b3fa0a923cb23792e6a00d5b49ee185a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
d1b913bf305790f93c0f42594c96ee45

SHA1
3672c969c4f104394fb2d01c1615dcfb675d37bd

SHA256
1d805de6771fc64c2d39c39f9410a0222b3573c310e4651e0c355a440bf4b13c

SHA512
36c923260ac82ebf707d6d9c94d33ea3631df15628f8ee2f69f447f838e3ecc05712fe662e9849a72cc7e2d9b0e1729fd40efd44e5838ade7a40d2021c02fbc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
76f8a009911265ad5301549bb5ebb72f

SHA1
81043d6ac758a05f1ecca5b474b3951c0d267936

SHA256
061f6ab8c701c9eb0f0d5d4a47456cd887f93da04fdc3c8a57d14911901d4a59

SHA512
013172710e26ac7b7d3bbc218b26a03dbe6ab34f1962ca5f54dc1d0777a3225047643a3b1e069a9aa76b4962940498a404c8c191dc7f2dd1f7cd21d172f195a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDF5FEE.tmp

Filesize
3KB

MD5
e310e5578a38aa0803fe501af84e061d

SHA1
ec4e52893b7da842778df8d6658b356de731249b

SHA256
904b48d7f7c6f079ddf5453bfe05bd98118a7e69d0bba17a75f2209a7a5389bd

SHA512
36465ac3ee139947b6623b0efc85cbf66dc8640dbb41abb613057b7d4b48e816bb67cc4893bd994f4f81d2978397f0a8361b2300eb5fb38cb0dcf01a546bceb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xvmk4fht.12t.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\TEMP\SDIAG_17440dd1-3f00-48bf-8c55-31f2b3c723a3\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_17440dd1-3f00-48bf-8c55-31f2b3c723a3\StartDPSService.ps1

Filesize
567B

MD5
a660422059d953c6d681b53a6977100e

SHA1
0c95dd05514d062354c0eecc9ae8d437123305bb

SHA256
d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

SHA512
26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

Download Submit
C:\Windows\TEMP\SDIAG_17440dd1-3f00-48bf-8c55-31f2b3c723a3\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_17440dd1-3f00-48bf-8c55-31f2b3c723a3\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_17440dd1-3f00-48bf-8c55-31f2b3c723a3\en-US\LocalizationData.psd1

Filesize
5KB

MD5
380768979618b7097b0476179ec494ed

SHA1
af2a03a17c546e4eeb896b230e4f2a52720545ab

SHA256
0637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2

SHA512
b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302

Download Submit
C:\Windows\Temp\SDIAG_17440dd1-3f00-48bf-8c55-31f2b3c723a3\DiagPackage.dll

Filesize
478KB

MD5
580dc3658fa3fe42c41c99c52a9ce6b0

SHA1
3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

SHA256
5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

SHA512
68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

Download Submit
C:\Windows\Temp\SDIAG_17440dd1-3f00-48bf-8c55-31f2b3c723a3\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44c4385447d4fa46b407fc47c8a467d0

SHA1
41e4e0e83b74943f5c41648f263b832419c05256

SHA256
8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4

SHA512
191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

Download Submit
memory/5636-498-0x0000025AD1C20000-0x0000025AD1C30000-memory.dmp

Filesize
64KB

Download
memory/5636-497-0x00007FFEE8D10000-0x00007FFEE97D1000-memory.dmp

Filesize
10.8MB

Download
memory/5636-499-0x0000025AD1E30000-0x0000025AD1E52000-memory.dmp

Filesize
136KB

Download
memory/5636-577-0x00007FFEE8D10000-0x00007FFEE97D1000-memory.dmp

Filesize
10.8MB

Download
memory/6044-529-0x0000022AD9600000-0x0000022AD9610000-memory.dmp

Filesize
64KB

Download
memory/6044-525-0x0000022AD9190000-0x0000022AD91A0000-memory.dmp

Filesize
64KB

Download
memory/6044-533-0x0000022AD9750000-0x0000022AD9751000-memory.dmp

Filesize
4KB

Download