eb88af60ab1e001c91f2c65465a236901973a8d6393abb5bad63559dc365839d

Analysis

max time kernel
967s
max time network
1563s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

view.html
Size

83KB
MD5

12ba1166d77b3fbd0641781e822f57a6
SHA1

8e61eab855a5a4fe289f78017c80d954b632c21a
SHA256

eb88af60ab1e001c91f2c65465a236901973a8d6393abb5bad63559dc365839d
SHA512

cd7adb2b3ec43136e8cbf262de1064288dec4edb3d862c1a6a9800e239ff64c4caa31387863cee8f2dd33e7aebf944a17085cb4ac0e7e9a65fa2cc110b2f83ff
SSDEEP

768:m/lZmPzRpI75LAcB5wZcup2YD0/TosN+P+KVsmhlGgeDUAFiTcLmOH9VECnYJhMU:SFsZlVsmSgeNFXTEX4bHwCv+VrWJ+1Z9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 2268	1180	chrome.exe	28
PID 1180 wrote to memory of 2268	1180	chrome.exe	28
PID 1180 wrote to memory of 2268	1180	chrome.exe	28
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2740	1180	chrome.exe	30
PID 1180 wrote to memory of 2040	1180	chrome.exe	31
PID 1180 wrote to memory of 2040	1180	chrome.exe	31
PID 1180 wrote to memory of 2040	1180	chrome.exe	31
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32
PID 1180 wrote to memory of 2508	1180	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\view.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f09758,0x7fef6f09768,0x7fef6f09778
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1200 --field-trial-handle=1344,i,5924349651494225568,16319722813213064208,131072 /prefetch:2
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1592 --field-trial-handle=1344,i,5924349651494225568,16319722813213064208,131072 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1648 --field-trial-handle=1344,i,5924349651494225568,16319722813213064208,131072 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1344,i,5924349651494225568,16319722813213064208,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1344,i,5924349651494225568,16319722813213064208,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1516 --field-trial-handle=1344,i,5924349651494225568,16319722813213064208,131072 /prefetch:2
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3124 --field-trial-handle=1344,i,5924349651494225568,16319722813213064208,131072 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3136 --field-trial-handle=1344,i,5924349651494225568,16319722813213064208,131072 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2964 --field-trial-handle=1344,i,5924349651494225568,16319722813213064208,131072 /prefetch:8
  2⤵
  PID:1948

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9ec49613-1e48-43c7-880b-8ec3a28dfd31.tmp

Filesize
142KB

MD5
cbf9680ba505fcd91f4451e34ad786d0

SHA1
ec7b5586bbff608484e059ce14ef465cece402a5

SHA256
e052a92b7d03e5bf197bb210a361e68c918050ae6652d645a0b0cc00989a35bc

SHA512
99a83f5bdc8e77875d6479540f07c08c0cc82c0c6d2b6bea3ee2a14a60894942e482a8706042ca45f7ddc0d408b9bcf219cc4b8d814e635aa3490c7812fc40a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0d430221-9e77-4d7a-8bc7-4764660b1f0b.tmp

Filesize
5KB

MD5
3f4f278ac5bb7c1298552f2c018a57f1

SHA1
02d08c3cc06e33ef1d06ed0e8f22e594bbb13e75

SHA256
d4375453265e180dbb94441ed487440162d05ae5b661d08bac62be3c89d5131f

SHA512
3751ec665d5fc2fbdfeeea782ac04792e84e6dd0a6b12f7a4f06b509fa50e73433712a8ae5b3c559f464e62cf6f9093554ea592c787a95a828150c4be646e5ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d843f101efe0d5b30c2b7434430aa323

SHA1
5e52b6bcb850144fad2a9dfccd45b735817f46a1

SHA256
240d293a3dd3238b8ca35caa51ae8c92f82097f61ac24735dd28fae53e862f09

SHA512
5436687535603fc625fc83cecfd2a0e7ea9d2fb24b904fc66e528c812a3f0e2a26dfe7b9953fcff59e64355e4f0d1a6480890dff7145eaeed04c4e333188fa48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e48126d3fad87348ac8f7098acc1eb01

SHA1
1f8c1949f141442f333524538f4f423aad98f310

SHA256
da2826ecf6b449f9cae4ac01f57e04d9808e9eb1a5d24e5c29fe75fb9ba7c54f

SHA512
dacb471c0e5f069f17dcd5ad77ccbfa1f0d411db4d7724bf5b5f662a56dc5c0f253b3d1a3b3fb522fb584d7b4879137d655486a2cb727099a13c918e6a334db7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
5a4a0dd263a988c9deab7487e8143efb

SHA1
4e71be68f63d4b09464017067640e9f5f83ec663

SHA256
573d535f4899686cb33f07bc8342fc7f558e4b3604593b6d4a55d64ebc82b037

SHA512
5a042f51a614e5adab1b9e182a9289fbd6890392508c3e08450677fb7e094e9a03f1bfb01b98bdaf2d5d8f306ea3cc185300617cd1292ca05caa6a23ada12a1e

Download Submit