hxxp://Google[.]com

Resubmissions

10-05-2024 15:30

240510-sxxyzacg3z 1

10-05-2024 15:30

240510-sxqvnacg3t 1

10-05-2024 15:26

240510-st7n1afg36 1

Analysis

max time kernel
1799s
max time network
1688s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598467005187118"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
1752	chrome.exe
1752	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 2420	2920	chrome.exe	84
PID 2920 wrote to memory of 2420	2920	chrome.exe	84
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 540	2920	chrome.exe	86
PID 2920 wrote to memory of 2948	2920	chrome.exe	87
PID 2920 wrote to memory of 2948	2920	chrome.exe	87
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88
PID 2920 wrote to memory of 1468	2920	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aa65ab58,0x7ff9aa65ab68,0x7ff9aa65ab78
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1756,i,13629476941344071364,11819229876976021094,131072 /prefetch:2
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1756,i,13629476941344071364,11819229876976021094,131072 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1756,i,13629476941344071364,11819229876976021094,131072 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1756,i,13629476941344071364,11819229876976021094,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1756,i,13629476941344071364,11819229876976021094,131072 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3884 --field-trial-handle=1756,i,13629476941344071364,11819229876976021094,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3200 --field-trial-handle=1756,i,13629476941344071364,11819229876976021094,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1756,i,13629476941344071364,11819229876976021094,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 --field-trial-handle=1756,i,13629476941344071364,11819229876976021094,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1752

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
7321a8b07d7a28e40e4d51b1e9b93655

SHA1
c85df97ceec967521bb388d79600344fb18d0cca

SHA256
6503ad6683620ec44bb163b31ebbe60e7f8c051986abb68d72396c886383c7f6

SHA512
fceeaa8e579b1eb8b9d331f0233ad8a452bb20141be47af978aabad1d7f35e608bee81f3431f17e3d793781ed80dab9f50abb26b1885fcb57ef2aecc00049b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
447782c1618ca37a72e531fca41e10cc

SHA1
4578770cc89e49cdfcf53345b2c1efff49eb758b

SHA256
86dde506a18c461468672bc357a697c05f79a57e235c998877e2dc73c822aca8

SHA512
150a0aab578607184507ed3403b50a83e6555e5fdbdbe5844e318c47b60fd45696c3565e071d0c5a4462796abb9bd463cb64ba5b5898c089a7aa8cce45385e9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
49e7e8e08b9b7366926e9a6a99ca47ae

SHA1
d328a0f24c25b76e45cdb8f0827a2c369632d508

SHA256
ad742ddb6c968bef003e1c88b243bc4eff81073d3090105649994b8589cb4adb

SHA512
922c3fd1d2d1f81779c6607ef2ed3bbf24bb3b13bee05ab6903d01392d3910f28c6ebd63c1986fbbe13b7b0524f80755c33186069651b28b29e31c46cf5ee693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
aa045d5672894b63296a49a5c351ab8f

SHA1
79835790a06013321c6e281c9bf9eb47ac2cde41

SHA256
64578c3c2bb77ed1706df4996266522dd6478a8de25cd556347a1b6a6d0160f3

SHA512
988815475743e85714c10124cd647cd1ea073d25858cd54b1a962b8f2c2047510b56faa21c0de74a911cb0fdb10927f239f9764720bed9157f573bac78a47ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a59da77d5a7646e4e7b5c7a1c36967c5

SHA1
953215226fa383762717bf042120d0205ed119ec

SHA256
102f7298d9a480fdf5ab7e085a0017a5a65af2c6bbdeaa2a5321eed9ee1d9ec2

SHA512
3842cc3b36dd2451920434288c6d2293e4acb5d7b2fb0a928c9d8883b7f78a267b17e780b47e9d97c352ae448bc053dfe8952a717ec6bc7ba90ee4791c9aa86e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e812d139d88ad1dd43d9dd363877da17

SHA1
bcaea42d6fcef9def49edd4ee02d1d9dd2a3e2fc

SHA256
9dcc626ebbb82068ecba86c1dda6e03786c583205933323c56cc85d8813d2aa1

SHA512
b011ebe25fd74dd50dbab1029e1ba1661a717d0908a22af2196655cec58645879239eb8d35f7b9fb4a7d506ae86da66bc298bd34a9f013954764892f80d7e200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
05249b6050eb985e82ed889067840238

SHA1
8c8c40f6143766afbff37253478812a536467c26

SHA256
deaa6867c169e53d272a978cc21bf2f1b331de24bb615c9b3aec4141c957251a

SHA512
13ee07ad69bdd42532faf4e434a61bb45a6b579f6344a7c7d6279c7cc98e02513b1f3c98817c196e82b078a56fd006792af017121245e2a098946e08f82bb7d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
3b1755ded1840e41c12c94dd34188ef0

SHA1
2ea0831f6f4320ffe1982fea34db64d9c39922eb

SHA256
b178f53a029002aa362ba34e96a16f2300a52f6d72e70db6d5e52635e363c6b0

SHA512
81c1c8157dc9939ad146c1f5d4c93d3cd8effe77d478419591e275ca2bbda291d14695d16588a4b3d7d67f399637eb24843a4ba6533cb77dc40da1de311449de

Download Submit