Analysis

max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-05-2024 10:30

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fgo.microsoft.com%2ffwlink%2f%3fLinkId%3d550986&umid=7cf15e30-3575-4364-ad23-c7e8e5161102&auth=3262a64ff51ed7015b9fc7a2051c8e354164257c-3fd4d9d36d53126adf4f5c72cebbf0651e43961f
Resource: win10v2004-20240426-en
General
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        | ioc                                                                    | Process
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | chrome.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | chrome.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      | ioc                                                                                                        | Process
  Key created      | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      | chrome.exe
  Set value (int)  | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592058789206393"  | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   | Process
  3128  | chrome.exe
  3128  | chrome.exe
  2648  | chrome.exe
  2648  | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  pid   | Process
  3128  | chrome.exe
  3128  | chrome.exe
  3128  | chrome.exe
  3128  | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       | pid   | Process     | rows
  Token: SeShutdownPrivilege        | 3128  | chrome.exe  | 32 (alternating with the row below)
  Token: SeCreatePagefilePrivilege  | 3128  | chrome.exe  | 32

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   | Process     | rows
  3128  | chrome.exe  | 26

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   | Process     | rows
  3128  | chrome.exe  | 24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       | pid   | Process     | procid_target | rows
  PID 3128 wrote to memory of 3432  | 3128  | chrome.exe  | 81            | 2
  PID 3128 wrote to memory of 4648  | 3128  | chrome.exe  | 84            | repeated (with the 3764 rows, 60 of the 64)
  PID 3128 wrote to memory of 4108  | 3128  | chrome.exe  | 85            | 2
  PID 3128 wrote to memory of 3764  | 3128  | chrome.exe  | 86            | repeated (with the 4648 rows, 60 of the 64)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fgo.microsoft.com%2ffwlink%2f%3fLinkId%3d550986&umid=7cf15e30-3575-4364-ad23-c7e8e5161102&auth=3262a64ff51ed7015b9fc7a2051c8e354164257c-3fd4d9d36d53126adf4f5c72cebbf0651e43961f
  PID: 3128
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9303cab58,0x7ff9303cab68,0x7ff9303cab78
    PID: 3432

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1820,i,12611862285416751835,6528739031505583378,131072 /prefetch:2
    PID: 4648

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1820,i,12611862285416751835,6528739031505583378,131072 /prefetch:8
    PID: 4108

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1820,i,12611862285416751835,6528739031505583378,131072 /prefetch:8
    PID: 3764

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1820,i,12611862285416751835,6528739031505583378,131072 /prefetch:1
    PID: 1976

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1820,i,12611862285416751835,6528739031505583378,131072 /prefetch:1
    PID: 4060

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4436 --field-trial-handle=1820,i,12611862285416751835,6528739031505583378,131072 /prefetch:1
    PID: 4956

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 --field-trial-handle=1820,i,12611862285416751835,6528739031505583378,131072 /prefetch:8
    PID: 3772

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 --field-trial-handle=1820,i,12611862285416751835,6528739031505583378,131072 /prefetch:8
    PID: 4384

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5020 --field-trial-handle=1820,i,12611862285416751835,6528739031505583378,131072 /prefetch:1
    PID: 436

  Child: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=984 --field-trial-handle=1820,i,12611862285416751835,6528739031505583378,131072 /prefetch:2
    PID: 2648
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 4836
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 200KB
MD5: a484f2f3418f65b8214cbcd3e4a31057
SHA1: 5c002c51b67db40f88b6895a5d5caa67608a65ce
SHA256: 79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6
SHA512: 0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Filesize: 600B
MD5: 4ad6acaa8dc226886ed26eb100917c20
SHA1: 11e449bd416e67ad3a3c7cdb3a21886acadde599
SHA256: 79e5b3125725f8e0514d07bcb808b545d48f4300f20a9572ea48dadd02a26c29
SHA512: b78e6fa35f8f08a2e8d0781b3a454108b97f2246106cd439899ffd76452bb803cbb71aab9a7d1a5768a5175ee523883dbfee32817dd3481fe47193092886e05c

Filesize: 1KB
MD5: 2194af6cfb5008a78038cac07861749e
SHA1: 011695c6cc136d5e13073fa6375f4e0ff30f87e9
SHA256: ca957725c0d24bf78295edb1fed38cc273366398dc2fa2fa352151eb3bdce56a
SHA512: 2118dfd2e8b9fa6eecf7b7dd1c9aab5ae7078a2a70197e935bfec0f9fa2dc162aad10033255eaa3df6d08cc492914d1a4e0820c049fa3e6d3eeea7d413591ee4

Filesize: 4KB
MD5: 325b652d8ba271f78a350aef4bbc2397
SHA1: ccbd37787da3948c0365a47f86b15acd6779151d
SHA256: 6636fd98d61c55d15900ca48caceeded588731b1ccbf006da5414a237c82e3ca
SHA512: d65f1e8b1661e22edbd7da490e29e886eb14fba8b8d7c3a9d8a61e9826646ae92dcaeef804e72605b236bdc87eddb567bbe167f512a7ceb5eab41af8608b7845

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 1KB
MD5: 63268b8051f0c4561e8f5ce3304fe60f
SHA1: 7f3c2585bb5c0a79c9b62cba69dc9ffa3e05a628
SHA256: b7f7669971fb5fa00ea35c06783b75055d828c8f8cc43d7163bdcf2a78c9ba98
SHA512: f62eed8c63b1aba43a0db1c68e0b98a7cdde5d44be0fa5e4fce6d0f5782f718a5e0fc10d2688bb3bde554b3eeb61b5be8287a7ae596e1d83977424115c3e6819

Filesize: 1KB
MD5: db6644214563608a2ed2e08296b67c91
SHA1: 77c2b1d8fefe663b49907e3d1b00f1fdff8f34f0
SHA256: a902ee174d316546bca9de2eda05316029fa25503c336721c3e65d89447d8b78
SHA512: ba5ff52c612567cb90e67e63d95d9c506ca4a0839fed7d71bec923e937b45397016f166eb01a8106b1b9a442b980ce2ef11f195f31eea97d9c9e5461a0d6ff53

Filesize: 7KB
MD5: df0328fe5e1b6f59ca5c4cee123df922
SHA1: 8c470518e36ecb07d1416676fb0dc99edd8addd6
SHA256: bd7176704574abfe3b5d641754973fb0ce51cf45ac7d6a02a86bffc0d958d4c4
SHA512: c7e038b95da93ee366cfc1c05494e93632f141157228d71093c5efc8a25120722232033b8dfd83265bde70f8cafddffa043e1c09366e4fe0b13edfec671ff7b6

Filesize: 7KB
MD5: 49c8e80cd77fe456cd736d0be6010463
SHA1: 256de3607b87ccf2255e31e4adf68dc0e544e836
SHA256: 9fe8286ea98cd23a24a50199ccb8535f7af2e25af74268d489dd62c9b5bc3e0a
SHA512: 0eda502663d25eb77ecec638cad79da795a815ca1ffa749945442450617dc257ec8227b863d5afa0ea92020eb3fbc3c0f492d77290a718d45c9f01ad16e1a7c9

Filesize: 130KB
MD5: 5fbbe126c4e3683542fca705b3b7bb81
SHA1: 3b9360e229ae2926e06cbb306eef669ed69230ec
SHA256: f1f5992a4a9eeb42cdf5e3413972e27a94ebc24efff58999492b0562802df5d1
SHA512: 51051774ec83afda3079ce2898fceab757e98a55a127cc6c376a2b0da5a72e8019a25ddedd9712e5aae2f60b58d5e5143b313cfa6d7d13cefa4c086dd1381c53