237020dcdbeed096b073638d5c204f1c47881ad75aa0e19c464429a952833b26

Analysis

max time kernel
149s
max time network
141s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30/04/2024, 01:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

vivitar/startup/data/ru/nointernet.html
Size

1KB
MD5

f6f8abd8e98503fdde08109c9646d671
SHA1

2f2abf8e7f5099d2648b471c3d86f691ec07e616
SHA256

33e70951c93a3d3db84c21dbad83377146646c313b111c86d44f6dddee045780
SHA512

e687be2e70b6dca4f9c71e4d6e1fb4ced39c881d493beb42b62a954ab9c16d50fa2d984ad57a7ccb69516811764b00e0f87e38a5ee1a6d5f9f6b06e75919ef88

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589127690705016"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
3860	chrome.exe
3860	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 4668	4656	chrome.exe	73
PID 4656 wrote to memory of 4668	4656	chrome.exe	73
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 424	4656	chrome.exe	75
PID 4656 wrote to memory of 220	4656	chrome.exe	76
PID 4656 wrote to memory of 220	4656	chrome.exe	76
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77
PID 4656 wrote to memory of 4672	4656	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\vivitar\startup\data\ru\nointernet.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc43579758,0x7ffc43579768,0x7ffc43579778
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1852,i,14468089650084635014,7803101649533985058,131072 /prefetch:2
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1852,i,14468089650084635014,7803101649533985058,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1852,i,14468089650084635014,7803101649533985058,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1852,i,14468089650084635014,7803101649533985058,131072 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1852,i,14468089650084635014,7803101649533985058,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1852,i,14468089650084635014,7803101649533985058,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1852,i,14468089650084635014,7803101649533985058,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1852,i,14468089650084635014,7803101649533985058,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1852,i,14468089650084635014,7803101649533985058,131072 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 --field-trial-handle=1852,i,14468089650084635014,7803101649533985058,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3860

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5b5e34d9f57e6e44a2e3feccd3f816f9

SHA1
0b4df1a5cdf546642088559506e6f328b2ce5c7e

SHA256
c938131fc14bb5a42049b1397ad4653fbba64a98ef5b99b5e791419c5f40daaa

SHA512
94d6948496b384c4adea8e86652298440c0402b242d098fd8c77b181282f560df20c1582587482466158897c1a40338881d95d10c2b8cae6eee3200c49e8e5f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
82a4f71dadc2c86ce6a6d23449731628

SHA1
156ac136fcb5a9e86aa805d8bf19182f2ccd6000

SHA256
a2969af511dbbebb9bc48515a7ca4c8d98fdb79bfe2443a7110d69693011435f

SHA512
d33f0d1da38fedd1322fccd990cd88aef50d4b239f7a43aaf8026e9f1ea14a10ac24f8bebf363110ae935e85ed77f2c139d34f5c0872d2a586f42e9c4089074a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
04c132f41cca864361fe928fdf64a44d

SHA1
7e28ce8c446ee0ebe07d922c2e9cd66641487436

SHA256
3898a08ce01ed1a9272a4d3aa4218dd6ce08bf44964dc96e60617f6d5a94ff25

SHA512
e4f8dcb63882e7756efaeede13174faa8d7daf83c217a4a905fea2c22eb9e09e4b7f77f62581b71f5f9832d22d6e02b1d79ad7440b2846d5c15e5fa36e0e78d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
838e7d5ed1be492e1e21708d0a6803c4

SHA1
9bb12f14b9162924ef08d61ac05527ec2f053c72

SHA256
04bf233f9ca6d2ca291e1d3042108bdcdcfa1261f9a159ca15ebf7a544031707

SHA512
0981f422b84c5b81ae5257a2e2d4787d03110240183187727b257dd7148b68fbd6ceb6529888fa0d867454ece46328a7bb09e10725bfa1bc2b68c387bd11d56e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
383a0087c4811ea028ede9afb25d3aea

SHA1
a7834499c24569480be80b00719e606a8d2b826d

SHA256
080ab415d352b8c26b3b615282e104edbefc3419a7201a22467ec867a0244931

SHA512
47700425ab82ea7209dd98a36c7c47494bf1a05b9dd0f53b3ef4a1d03768baa48db263c5d6f6784fbc98341168dab06eb7fd29773ddb9ee15f39b6e087bb147b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
4c4a7319cd2257b2d8e49ddd8d61acbc

SHA1
497b42f92aa7c39bc05477cd2b5de644b7514d2c

SHA256
e42e54d757c9bf543c23ae58c12991cd29631b56cd6ecc3befc66c09ade7ac0b

SHA512
224d593234b532143a5ffd2a0839c3e96bb4438332af8a9507b7799850a431479c2948c3dd43a48a67a60a9ddd678a52c912cc4f88fd516792673682c16b01d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
d624b0be9e46fb127b030fd7636be51b

SHA1
fd5ca33d3140c1c5945113a4279d9d001d29dc0f

SHA256
0c4462e60ea469fc23cffd1d226a1179e7ba4f77da9328628767e4a2a9ec6a27

SHA512
2b11eba23d1cd91442a69c049e60b72d32430b3167d3c1bad827fd94a4d1f2c3252d7841d7477b5c0d8c221f51c78376006c0d9dfddd4a48e5ffe679d9ccab00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit