3cdd819279cef20f388ea2b3c82e0b9384a4e53f0b98efe0a4860a0883f694d4

Analysis

max time kernel
20s
max time network
24s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 20:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

download-test-viruses-for-free.html
Size

160KB
MD5

d4aa0570c21f13a5f0ddf52bf160e3fe
SHA1

2af47eed51fe076c6dfd950929f78e4fd1f1ab78
SHA256

3cdd819279cef20f388ea2b3c82e0b9384a4e53f0b98efe0a4860a0883f694d4
SHA512

12a5e6d06a74d734204d0ca9e2cef72bb38aaccdc6ecd7f4635734a12e377b0d740da48bd531a11cd9a68b17c6110175286bdcd13297a6b0f097efa0eb5a1043
SSDEEP

3072:w7QVbvAwrNWEVKHsm2pFzijE22TbdyUBmR44qbC8QujDH/p9tQi4B7III8j6ksLe:wkWEVKHsm2pFzijE22Tbm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591563959002132"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4888	chrome.exe
4888	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4888	chrome.exe
4888	chrome.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 4656	4888	chrome.exe	91
PID 4888 wrote to memory of 4656	4888	chrome.exe	91
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 4232	4888	chrome.exe	93
PID 4888 wrote to memory of 1048	4888	chrome.exe	94
PID 4888 wrote to memory of 1048	4888	chrome.exe	94
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95
PID 4888 wrote to memory of 4168	4888	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\download-test-viruses-for-free.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae9d69758,0x7ffae9d69768,0x7ffae9d69778
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1868,i,5654189715857245330,3089501729550589251,131072 /prefetch:2
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1868,i,5654189715857245330,3089501729550589251,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1868,i,5654189715857245330,3089501729550589251,131072 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1868,i,5654189715857245330,3089501729550589251,131072 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3304 --field-trial-handle=1868,i,5654189715857245330,3089501729550589251,131072 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1868,i,5654189715857245330,3089501729550589251,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1868,i,5654189715857245330,3089501729550589251,131072 /prefetch:8
  2⤵
  PID:4012

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
3e150479d3bebe683aaabb2aea57c54b

SHA1
be30ad23afa16048c5308be679860e3155a5b75b

SHA256
40a2afb3eb39247c917800fac193ba9ec5229cc1e68f3d9f4d29061a6ed28684

SHA512
b4aebf7bc522394f85216627893b75aca616070e8a9146d7f451a52dcc8e5dd5157d07bb8c6dfa46ed98931ca9c598fd18fd36eae1ec8878b2996945b3fe19ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
888bed8de093249d9d422474c157735a

SHA1
34b7906e57dbc372aace5f3cd1afe59cc4533fcc

SHA256
7d2303683e13c7815c5c11dc0475be76f981123ff9c3b16c23ec26c7572572f3

SHA512
51e96eacfc7d41b5888ea7c0377faa6d226b79bd590b4cf1d15afb7e12a5914ac5b33143c9ab11882633b6c8af7505bb0480c4dbbc7bd6dc6cf427b36009570d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
cc481ae3ae79536fd27e240c5ec84132

SHA1
fd2c55b4ddc387f97e5a02fdef2ba7dddef017fe

SHA256
16a722f37fba6882a5c819eed404a1319f5fb4e62fae43714b9120be74b37a15

SHA512
d4cae4340dad20fb6a3abbdead6dd4d55bcff5eda82848e6f95bf60b15a113728db9d81189009a1ec54204d9961ca436f8b3f162a277103258a34ad21d887125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit