Analysis

max time kernel: 149s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-05-2024 09:38
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592027099624640" | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
2612 | chrome.exe
2612 | chrome.exe
3132 | chrome.exe
3132 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid | Process
2612 | chrome.exe (all 4 rows)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 2612 | chrome.exe
Token: SeCreatePagefilePrivilege | 2612 | chrome.exe
(these two rows alternate across all 64 IoCs; every row is pid 2612 chrome.exe)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
2612 | chrome.exe (all 26 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
2612 | chrome.exe (all 24 rows)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2612 wrote to memory of 1832 | 2612 | chrome.exe | 83 (2 rows)
PID 2612 wrote to memory of 4840 | 2612 | chrome.exe | 84 (repeated for most of the remaining rows)
PID 2612 wrote to memory of 3404 | 2612 | chrome.exe | 85 (2 rows)
PID 2612 wrote to memory of 4996 | 2612 | chrome.exe | 86 (repeated for most of the remaining rows)
(64 rows in total; every row has pid 2612 chrome.exe as the writing process)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2612)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aka.ms/AAb9ysg
  Signatures:
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1832)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90ff7ab58,0x7ff90ff7ab68,0x7ff90ff7ab78

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4840)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1868,i,8992335639870256474,74181273506656792,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3404)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1868,i,8992335639870256474,74181273506656792,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4996)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1868,i,8992335639870256474,74181273506656792,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1388)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1868,i,8992335639870256474,74181273506656792,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1052)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1868,i,8992335639870256474,74181273506656792,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1200)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1868,i,8992335639870256474,74181273506656792,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5096)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1868,i,8992335639870256474,74181273506656792,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1776)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3232 --field-trial-handle=1868,i,8992335639870256474,74181273506656792,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3108)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4028 --field-trial-handle=1868,i,8992335639870256474,74181273506656792,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3132)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=992 --field-trial-handle=1868,i,8992335639870256474,74181273506656792,131072 /prefetch:2
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 4084)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 200KB
MD5: a484f2f3418f65b8214cbcd3e4a31057
SHA1: 5c002c51b67db40f88b6895a5d5caa67608a65ce
SHA256: 79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6
SHA512: 0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Filesize: 480B
MD5: c0eb8a774a8319e722bcefc963cdccd6
SHA1: 4ff269b29768ccd6c4cb08061bbc7d2e3c1241d4
SHA256: bebbafa631b03b30a9167bae7996bc127ce84755a9b81f8b2ccd99990b9de7a8
SHA512: 45a19fda18479d24d0d27db0d23ce84a78a0b85a4c4370026e46f872995684091fbf60b27afb34b71c07d12d08ce49b57eae461b1d1f9730733a17eb8f55a0e0

Filesize: 1KB
MD5: 7e5d11e139c7d381884f850be7e96cf0
SHA1: 14aca23f4031c53307791b214c6cd5c87b77e1ac
SHA256: 85d1da451275155ef03304eb50a3bb85dd25147bc69de6a133159490c1b00a21
SHA512: d261986715518dd7869e2ebff05377ce0abcd339ea5d510ef70c49fd9fca1b1f97c97b97cc87adaa674dea2130efabdb0380de6840c6c19871960335253d9a86

Filesize: 3KB
MD5: 6107dabb579ed511b1c212e321821654
SHA1: c758e18c8c2d4f4aae28d6afd5e10a6ac83dd8db
SHA256: 003ad81c64ef815a1dbdbf9cbcd7db6a4ee094ba2ae64199dbf53b895de3275b
SHA512: 3bf8e5f14b2f36dbd7c35c2b8c54cd3445ca337f03f0e09b682e2859b97e4a57fac67b8208518d0e0bbdbf0008910255eaf11c6838fa1f3c53882a273b2f768e

Filesize: 4KB
MD5: 4b9f9ed8fc624f7d7fa6688e56cff75e
SHA1: 5947a826358f32380a060fe88d1b173afe4874c4
SHA256: 353dfe009998d019534575b22776bea624af4e3d7a2b9c76a92230c626ef2966
SHA512: e195d56ed868ddb53aa4536c9f94f408d77a92e27419bf7c7f53c68d58e66f5f2ee0f443b4c56b936ac5a9b812315a7bd60b78142fc4ded78f4af37f9e125ba3

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 1KB
MD5: edc2c43db31f8646c35cf4faeb777045
SHA1: 4628b73362ec794038fbf5afb7f33b8cf749e337
SHA256: 23781f7279e420b1539bc012d99ad75a20f45ea6267b6fcf22ff742f8ec9e77b
SHA512: a1f3fa0474cba49ab607f9fd99f11f1bc00ee990f68d441d1698ed5369b213f906b302336f7c4936abad08bc9cba125bfeb77ee325bee89b50ae98f755e11ebf

Filesize: 1KB
MD5: 50e2bed3c1a2ab82729bb79f2d765924
SHA1: 4ac717d493483de26070ba4f7798d7adb04451ee
SHA256: 2b84f996d41df0fb4a9b71bc56dd08a2f782647eed2287011f385dd3af5b8031
SHA512: e1fc5577d6b2383d8397324da2c76234a05263fce7a0009c7f324dc74a0920a28307b5253e36eb2ec41e6727bf6994266e993f5859e0ffeedcb5ffea35f99294

Filesize: 1KB
MD5: 41a4f9db8fd9a3bc8d5e3514739e8100
SHA1: 2d1370f8c448a0c46ce41d4d427ca39347706ffd
SHA256: ac0e66de34d4078f7880b59195cf7478866e03fff6824656977791035ec94aab
SHA512: b21353f48be47546f9fef2ad413118c0c7423e93b4c0d1975154c16fe7de93d7fc48e3ddc1c419fdd2975528a72c91229ce46e7b3d4798ff3d32cf5d1096492d

Filesize: 1KB
MD5: a0fdd8b432a07f72e6eab2f421624d4c
SHA1: 1fe54209e84bba75ed071bc2e4ea66a41fc30c5c
SHA256: 44da4dd1118bd49a18f8e9974497be31aff4812d88732b0a2d3ffeb2b50d20a0
SHA512: 6810b55e0f111d9f33202ce295afc5a3974f5eb63799a82ad037ac61ed2f33db846eb17b47ce158a1541959523be316215fc1a5f89a3d4485a66508b353d2772

Filesize: 7KB
MD5: 734b8666985ca29fd8c620d902cc6688
SHA1: bcacc8c66fa189f786af32157fcefd8d4a4110e2
SHA256: afc467d32b504f5808229b50d0010f18d501477d506bae69c25d97663a4c3459
SHA512: c4eae85814ff372850a0ccc3ebbd923ac41d039be4b3b7bb9eaf2de8d24bc93a46c55ff2b161583910904d7ca143c602d003d194c3cdd1d778b1152b16ef3b9c

Filesize: 130KB
MD5: 1004d857a6b133ff2f73a7d947394d84
SHA1: 01328d002a12ed6cb09f50368b75d6b587924bfc
SHA256: 5cd07f2cf7343faf69ac5dbe2ebb920ddc441955f2e9f19fc97fd8a88cc78f4b
SHA512: 812cbe99c7bff41b409230e729d69030b316109a001677070b58bad8128e98bb4d0d598bf4b1c228fc61aaf826fc999f605a56a61d182c661f56b2c287718609