hxxps://google[.]com/

Resubmissions

08/05/2024, 00:47

240508-a5dwyshd8x 1

08/05/2024, 00:45

08/05/2024, 00:40

08/05/2024, 00:29

08/05/2024, 00:28

Analysis

max time kernel
19s
max time network
22s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
08/05/2024, 00:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://google.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596017370507052"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
684	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 1972	4476	chrome.exe	80
PID 4476 wrote to memory of 1972	4476	chrome.exe	80
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 568	4476	chrome.exe	81
PID 4476 wrote to memory of 4648	4476	chrome.exe	82
PID 4476 wrote to memory of 4648	4476	chrome.exe	82
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83
PID 4476 wrote to memory of 544	4476	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde20cab58,0x7ffde20cab68,0x7ffde20cab78
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1624,i,2156765246899558846,1280323764813292427,131072 /prefetch:2
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1624,i,2156765246899558846,1280323764813292427,131072 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1624,i,2156765246899558846,1280323764813292427,131072 /prefetch:8
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1624,i,2156765246899558846,1280323764813292427,131072 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1624,i,2156765246899558846,1280323764813292427,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3756 --field-trial-handle=1624,i,2156765246899558846,1280323764813292427,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3068 --field-trial-handle=1624,i,2156765246899558846,1280323764813292427,131072 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1624,i,2156765246899558846,1280323764813292427,131072 /prefetch:8
  2⤵
  PID:1564

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4452

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
1ee3df448556609add9783e47df6e5fb

SHA1
58c9af63588663cc573e78bdafcd93402b8cd2b3

SHA256
f0de11d1ab0a782d40c39a4de5f36c4726013052bc73c373f7dc16e524832036

SHA512
e92a0320389130ce1a5f677da0c674fb09096fde6b77bb05c1bbd55fe6dec2b519714220a5c5290c2291e9e891ae9a88b4f4058d2b2778bf4c5eba44a121b88b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
24a0ea37226bfc8a91c3bffb66fa7407

SHA1
94311e3fbf2b6074263cb325acbddce6001bca6b

SHA256
e862aa48e80c810ff6dd426ed4b78b1a6f0ee43c661837c0aab5b2285ca42c51

SHA512
dfe7d269911b63af5cc3e8a645909f798148c8fe0c893810fec89f7b1f8684e19d2ff275f3dc03d689b6a1e7b49d43cf98480d39a019b27bfef9e64973325cda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
dbbaf98ff3509b14bf1ecabdc4573d47

SHA1
781406fdde2ce5f361fdad1e5a0e55c9302d7504

SHA256
031aca7f7014b2f553bd3aed720a31f07f32ed06a898d0ce9f53df229dd4cdcb

SHA512
d612a9357d914a494db3b766f03532bd0808aec833addadd6a907cc8ad60b1bd850a32010b242db22911645d8d7f4e975f0047d69c610f2c14fe30880be86b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
62d6e34dca0955965db2d1a33529878b

SHA1
f3eea6c94dd06f05175630116be1a375729d904b

SHA256
d95fe426a8dd2b6fc0a59f2e86ff7f146e6a90c2709136e67a8ed09f5d5bb7f7

SHA512
269100a0605e7a83636b221f050b70aa36abb7c3cdc263ac31eba67ee086fc726a259f425e13abedb68a4da39bb40797fbefcb4e53ca7b41f451af3eb5dae6bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cc29b99a-2c42-4f0a-8246-c44b1c4ebbcf.tmp

Filesize
7KB

MD5
8c0705397fc98c8bb29480dd36a38338

SHA1
a99a37f07cf56ee114c8337443331b19c4b29b12

SHA256
365c05edc4745cef9f528c92c65bd80e6d9a75046a53873a35f00481fd0d5159

SHA512
e50cf4502aae6406947cfc77029fe3957f1c5a862bbb3815b428fb9c1e033210a3e4aeaeaff74b9aa1ee04ecb0766d66eebd97944a620f2d0d243976286ab1e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
d50e0526ecc5ff1f56f13f6ad141e33c

SHA1
1c3109eb2801c74f29ed032b6be45d04220290bf

SHA256
76266944dffdb8d8b4f99c230ddbf3e97704cc79f44a45d1797c662e7fffcc14

SHA512
043b280fed58f4e350f896f25a1d27c5d4cac15aa3647c825b00cbcae78528a875978d4509ecfb570d9a9addb3f10d96a475b5033813f6e254c02b700a898d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
64b8a43457ee70f4ccf612d2dc79fbdf

SHA1
d81216d2af71b054bafc9376dc2e802037a7eda3

SHA256
c2d5adedf8c283f00b47951b1a408b71cfb12c9b08f76f98594d2ed183ef814f

SHA512
99aaeb4581dd547288ea43751ea6f6003fb899e2954b8c4a62e8a853af18cab6a89cbeb31cde600887adbfaac3415584d01ec26f362af8a7d90e804556332a01

Download Submit