hxxp://google[.]com

Analysis

max time kernel
149s
max time network
140s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10/05/2024, 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598283346151770"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
4196	chrome.exe
4196	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 1464	2752	chrome.exe	73
PID 2752 wrote to memory of 1464	2752	chrome.exe	73
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 776	2752	chrome.exe	75
PID 2752 wrote to memory of 804	2752	chrome.exe	76
PID 2752 wrote to memory of 804	2752	chrome.exe	76
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77
PID 2752 wrote to memory of 780	2752	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffe2289758,0x7fffe2289768,0x7fffe2289778
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:2
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2632 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2640 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=688 --field-trial-handle=1732,i,14692879335520092674,10608823384259345495,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4196

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
44e24c2c9ba68ac83f783315a827c1e4

SHA1
1e51e3e194540de7f7e4cfeae96d9102d9d17233

SHA256
836efe10541a1a2895ee5d71de1d83b81f9a23373f6785d7405fca068ffccf88

SHA512
a93ebebe709f525888ea291e380a2fb117d5a05ae7370392d3f12dd3f260f8ea132434607b58c20313423ff8c71d9d45d2f1510201079c08c98f3da7f0d5f2a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9110ce0e1d13cdf6d0ae7e90b8be3f38

SHA1
e1c3ceb11f5f744daea3add87c353cdf5cfebf6e

SHA256
c2d2db392dffe5d2ca1e89415a40956fffc130354053342d0d4c3efdc2df1779

SHA512
03b79190125b754927fc867ced2bc69c28f25a1cc9f034a54d4eb190f09d7d8cad703355cd11e3e8b84609500739b8b504a2603afe60694c4c64fa80a1047d25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
9c29db5689707d5dda8f4af66833d0e6

SHA1
7b490b181cd7a8f3a38b011433955a652c6a28bb

SHA256
794e840703967b575e83cd514087e8f98ae27e5008f33d87204d1df073b1282c

SHA512
31c7b460e7b4af72ad6f05e6bc704638a5419cedddfff66b069e1084652c5b5690ed64821440b8429a49ee17d786818a216d14370264d66773f462b6188ef54b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d66f3da4667d0a52709feeb2a54f0022

SHA1
59978b87e73565e3a7481279d7634e5750386549

SHA256
62035d7bebad8099fa720948b0bf5491b8b9e8ef90d22680f44d51eebd49ae6e

SHA512
073f3dd8bfdca3a2bbae4df2fe14617888f1b374fab495f4f7bc602a9c1210fd4ac029fe97f2512f25e6a970e211c7c2658d2b920e6c2b6c1fa97e4d646167a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
904b3f420d218f22a190f1a46d230625

SHA1
f498b76db688bb9cc4a2d0efecde8747e238aa1a

SHA256
6ade467a2ff87daa4ac2a6ac449b8a0bd6a49236bd6289cae0102504f6f3a2c0

SHA512
f8bb6a701f505f7ca7eb648eec0e804c96f5a7078969922857c8958c224c9bd0cd7621e1dcd17137f367fe69d6a55f6f443a2529daf9d2881d88b3c6faa083da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
501dae656ec5ec1bfa717313ce2435d5

SHA1
91dd4697e7fc49c5ca21716f8915c94c8f35cdfe

SHA256
2278ad689abc8c5f6e47ee570924e34fa027ee39baeaeee35f16188f5bcce8cf

SHA512
f7bd4e41a1e78e85e932979c7ed37331a02eeca4f1c41da09d8c313ebf4eb35b35d2a9ec2f12d2b2a15556a8c1abe2169479803d4be9f4a61d7a8dd72899a93f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74ddaca233bc2f9c5a7597f301ba3a6c

SHA1
4ce08b7bb101b36b1f8c1e6156956b17d8e35978

SHA256
f879a7a4f400071c8cdb6e7cb0f64303374df11e62ab186ec9a7e108e4b1a9a6

SHA512
ef448b20c5efbb87544ad744b8d6efa3d1715e95db7d0d722b3178f3e78a6702e0fe4ef561ba095fbfabf3409e57382e0a82771783b03b635dbc4b8fa2a0d943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
a445996f0f14f17bfc7e5ebf4f3a47fb

SHA1
e28d785135ef6751d699ee976803c3f5c2600683

SHA256
e529ac550d3037c658780ad33cca9e5095ed84e4119627efeb92e912643fb17c

SHA512
910d170a942a6d611e81f72e9d3c9284fd4c46c23ebb1107badaf027aa4906f35801d85678f693762a50a2239a72dbb0b5e07a2f9ce0d050c962d53f1e3812ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit