9f30928da3935effb34958309bde750c2033d654e83ea7d5f3ce0744c93d3457

Resubmissions

01/05/2024, 13:54

240501-q7rhtsgc6w 1

01/05/2024, 13:51

240501-q53hbagc31 10

01/05/2024, 13:38

240501-qxqtjsab54 8

Analysis

max time kernel
117s
max time network
117s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01/05/2024, 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

20KB
MD5

ac97af0819965dbbaaf75920356f702a
SHA1

8637b8be2516e18d7e6be8b3984a9ae339e88dde
SHA256

9f30928da3935effb34958309bde750c2033d654e83ea7d5f3ce0744c93d3457
SHA512

f1898c86a9f5d62e5b29977c00d5ae43854531f81b85df021fe61601753524ab95912631e128a84ab49af5e6da5c9cc4388a48b56662470b150285da294dceda
SSDEEP

384:rGfdCkDpmReVoOs4si9ylKeGMkUxOHhhbYhS7+S2LjMrSG+0IJCgMmVn:rGfxBVoOs4smyI1MbOBhbw0yMrSBJ2mV

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590452845565501"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4404	chrome.exe
4404	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 2772	4404	chrome.exe	72
PID 4404 wrote to memory of 2772	4404	chrome.exe	72
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 760	4404	chrome.exe	74
PID 4404 wrote to memory of 1360	4404	chrome.exe	75
PID 4404 wrote to memory of 1360	4404	chrome.exe	75
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76
PID 4404 wrote to memory of 4980	4404	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc2aca9758,0x7ffc2aca9768,0x7ffc2aca9778
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1848,i,8063168687324542850,47694206144222748,131072 /prefetch:2
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1848,i,8063168687324542850,47694206144222748,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1848,i,8063168687324542850,47694206144222748,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1848,i,8063168687324542850,47694206144222748,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1848,i,8063168687324542850,47694206144222748,131072 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4144 --field-trial-handle=1848,i,8063168687324542850,47694206144222748,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 --field-trial-handle=1848,i,8063168687324542850,47694206144222748,131072 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2408 --field-trial-handle=1848,i,8063168687324542850,47694206144222748,131072 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1848,i,8063168687324542850,47694206144222748,131072 /prefetch:8
  2⤵
  PID:3524

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
9b0b52b2d86606826b8df98f2d5f14de

SHA1
c4cff5af73666431abb2ccf25b4d04e296a6b32e

SHA256
57559165de5fa014c8555aed0d5901a520cd48427531e36e216ca4eee6e6cf59

SHA512
90b26d3e77b5bccded51ddc1a12da51b1bb874b72d5acd28584b6efac27754a2623af338ed75439514e9e89f945d8a1b7474b3d5f55bba7456cbfe0af1f33316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
dffc5795fa1c74ec65dacaa1a652b066

SHA1
61656dc461cd084f7cb44d077ffd9003b7dbb8a6

SHA256
997cf049e8053520602de2c284dcff0507387a8a32f32c358c1c8d4a410d702c

SHA512
8c62e53267827df2f17e247ec0b1dd0a2f263e992a82239dc121e3930f542702f01b4500ccd73d69af77e447a33e23bbb3b78d2abf2827e2d1382097f45427ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d815a69e1ae224a95988088612e8adf4

SHA1
99f2500c53498debc4995fd941e2118e4d0afa45

SHA256
c6586141776c9b9071b10c38b6f84664ceb4df5c47e78e571482e039eeddad8a

SHA512
5b976e1b70a0376ba863494fc21a9f50b8ed7baa06957097ad4dbbaaf89ca7ba4a718872c93e7e683cf59ef371d96ae074e988f1a018cc8a66f00fb0f73c07ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a8da06a0decbed65915462391bffb133

SHA1
2466864ee802689bb2025466c119c9b456585c86

SHA256
6fe6995a1c1efd2a986d9cf0235d448e69e24dac0a5b08a7ddc868894f769d5e

SHA512
92147f002f68f78487bd772171f73f846bd3e42c3d9da008b8a1dca26ce56dc896ab9dead08af1f4c9645efaf988b49a9949751da29c8845c4de75179b5374fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
42288d64e3e9522ca331ae9ede506802

SHA1
43d328c1243754883dc4c458e12fa227c299115b

SHA256
81eaa2f31e0e6fc04f76b13953838b605679f59c221e7bc2891c062de47a16aa

SHA512
4b02e6a528fa41a176e6b325e554481dfb4575e3a73699dca720099c9a3a4570b755c03b506a33b96ea6f95f97b347e40eadff3c39fbc70053bf2bb44a449175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
6f3b780c5c9c35022840638b886d8270

SHA1
c3d2111e94fff6c6cb99ee535d3461ddcae4456b

SHA256
e6771925913fc351a27bd8dedfdf0c3693d3b4fc02a13bf113f247f24bd67185

SHA512
eb02389c4e8d37bc6fed5ab272e85c6d0a20af3cdbcbf47d317a8dd6c1641ed1696baf2adfa4dec5f91a194c4e10d05f83f69c4267b37689efa27647deffd829

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
c97445a272ca27c4f7e56a33bb8779e2

SHA1
8c83b304046c3e7f49b795b12f1b64cb5399cdb9

SHA256
60688804a5d5978b82089f75f0b1d0a277c029f4dbc7987c40ce99161e9a9b0f

SHA512
ca3cd5ec7ee21eb36aa490dab80868021edbd8dd571fd5a652c54988aecc323df55c5b5455e58d006d1820658b388975b4f9be2d600ff6700cd69b10f56be936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588364.TMP

Filesize
91KB

MD5
a4b081a07b0ba943c8cfeb898122e6ae

SHA1
5e3b4ab976695c83aa5c67b32237bf54c4f47fe6

SHA256
b29d0669ab0878ac857f485f981f91396fa0024e43dc0125ab78e30bdc2a978a

SHA512
6fe7342a8a7f0e0c79032d63f59c161185d7486a8e604b466d50fc20098c6245711f3c23461d7016f99a63fc2b882f11e3d6eae6b4cfeec9d111441514ba9935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit