3019b5e65aef1af4b8b527c0458daebec269b3ec322c3f9cf8da065a6eddb0f0

Resubmissions

08-05-2024 18:37

240508-w9x2aahc8z 1

08-05-2024 18:36

240508-w9dbwahc7v 1

Analysis

max time kernel
96s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

en-us.html
Size

15KB
MD5

7899eb2f3dc20fdd251a73b9f7a26276
SHA1

7754d48c984afebc37ec42b0d22d5919f3623a00
SHA256

3019b5e65aef1af4b8b527c0458daebec269b3ec322c3f9cf8da065a6eddb0f0
SHA512

aa79f1f0610e804b2fd443aeeaae3decc0786386d20044bec15893727e2faa6e8c7c832890e26a41dcd3fdaae5ad5e75c510d9805e76794e6c685055568db9be
SSDEEP

192:PNxyShvK9moqTJkNr4237gxfhOpSklUmXY/CDL62ITTNMcFDjyhN:yShi9boJkNcXfspSklUQYs6ZNMqqN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3236	chrome.exe
3236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3236 wrote to memory of 3288	3236	chrome.exe	80
PID 3236 wrote to memory of 3288	3236	chrome.exe	80
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 3328	3236	chrome.exe	83
PID 3236 wrote to memory of 2940	3236	chrome.exe	84
PID 3236 wrote to memory of 2940	3236	chrome.exe	84
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85
PID 3236 wrote to memory of 4868	3236	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\en-us.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81034ab58,0x7ff81034ab68,0x7ff81034ab78
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1920,i,12916536413243348550,8757879766974942776,131072 /prefetch:2
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1920,i,12916536413243348550,8757879766974942776,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1920,i,12916536413243348550,8757879766974942776,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1920,i,12916536413243348550,8757879766974942776,131072 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1920,i,12916536413243348550,8757879766974942776,131072 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1920,i,12916536413243348550,8757879766974942776,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1920,i,12916536413243348550,8757879766974942776,131072 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1920,i,12916536413243348550,8757879766974942776,131072 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1920,i,12916536413243348550,8757879766974942776,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1920,i,12916536413243348550,8757879766974942776,131072 /prefetch:8
  2⤵
  PID:3480

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
294ab2b1a607f69ed28bd1ffb1682f47

SHA1
50067ea2023b679b7271be61a78f6b50a81e65f1

SHA256
672a5ac51a320d9cb0b1f1f4cfd09a2a674968b1ac84cca6aea6bb74f4869666

SHA512
27a553a421cf432ff3f1c87e4c663ac2dc984786e10a1ea7bda57b500c8522d5241cb5726261503a7517472071dc9ed2a92ec425490755374ae8c53cf962fba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
c3936f7176551241b63a653cd5b2b5e5

SHA1
cc8404f22a5e3f24dd22cb6e8d614319054cbe66

SHA256
0ae9d973049792fef7cf8c8545c4ac62c284762a02c65e29196cac0130ac0479

SHA512
81fe580271775252c726b05e2eae861a777f064b10f97fcd731b94e479e6bb51f86a0c32e9688066a1ff8d09e14081c2ee1333fc42ff084d6c8c4d46959b0055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
225886c19fbb8ea3125a52baf649e16e

SHA1
76e9496fa94ec2c2e1abea77e0092c5547a3e8a4

SHA256
b51966896018d0b546ab5f3c53d02135933c2220a94c7b3d5d3e2d415cc2cf64

SHA512
5d5a5daff28d90374427b332e454a97d7a0fe84d4304de04d2207b3cbca6443b55563875a285d926cf018b13a15a5555f0cd3eae4393504489211be4503fa79f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
c22778a93f6dfa95be6ced694eb9fd4b

SHA1
fefbf98360edebdf5c3fffc71a8026762407fa5b

SHA256
583d29ff76d256e64c3f3df44d2362867f9a28e1a2defd9659e239709265827f

SHA512
947fad0530ae0a31822b6e7e2e7a42c7976a0d9156742789e8503766af14e1fac4f1fd5c38f32c793ba4118f49a9202ee651ef48b86df29f26b255f849b86d03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2c4d8d1da9404e83a3ad2dd365bee34d

SHA1
e6f381cd02e893fbc281662a1ab2daaadf88fe3a

SHA256
174e69e3e98aaeaece6254b354a5d6e6b7c0485c18cd201de6a1f3c1313986e7

SHA512
d7fd3116931c9b3f2141b92a9e464949a4bb9d0872b04a601ff65e10debe0b442d7846bfe00d771cf2932eec02223f41aae6694093feb61cc139ac29f7b2bd21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
c0bfb27858acb62aad1a9edf3c278d04

SHA1
293bdda92a343cd2e60db1f5e232371af6b9ba8d

SHA256
4fb24fe41a2f4c8437aeae4c14832307b51c10d2dbd311cb726e30431d48f219

SHA512
6381837aae085df382b4fda59a1ecb0ddf41e840c6713fee1f58897e0fdd7f445dcda1944c766f4abc5b2920ea2d945bf6061131380acf4431b6589914ba1a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580bc3.TMP

Filesize
88KB

MD5
c751f0e3ee5e1d4390c94a6d07935cec

SHA1
a64b6d6ef01b22b0dc4e156d8720fce707a0a1c5

SHA256
f11d17a1a7840f1129a469303a584ff2e0b2f827cd1fe32e8409c0b0e365ae04

SHA512
9b9a6547612805a076db14d3335aa40489e8374371df17d497faaed679dce7c1484875a83f6eedbd56b8d680225a42eca3cded2a9e79423ea77a0ff78f4f56b9

Download Submit