5804f8efc2a8f26bb4215869362257ecede59f442b6bdb50e7d6ec3146b874cc

Analysis

max time kernel
42s
max time network
13s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
11-05-2024 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ping.html
Size

85B
MD5

e7459a39621dceada643344b47fd50c9
SHA1

d1bf61e09fe44969fd613a495429c2c01138d887
SHA256

5804f8efc2a8f26bb4215869362257ecede59f442b6bdb50e7d6ec3146b874cc
SHA512

074f54ed8ef9660609282eda84f98faf39d0f0629a310f78e960f9c15a3e65f4272cd20a09f264e513f68a5a156392d4c54ae5546ce08dfb95f1c4789fa8ae04

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
756	chrome.exe
756	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe
Token: SeShutdownPrivilege	756	chrome.exe
Token: SeCreatePagefilePrivilege	756	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe
756	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 1804	756	chrome.exe	77
PID 756 wrote to memory of 1804	756	chrome.exe	77
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 5096	756	chrome.exe	78
PID 756 wrote to memory of 764	756	chrome.exe	79
PID 756 wrote to memory of 764	756	chrome.exe	79
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80
PID 756 wrote to memory of 3604	756	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\ping.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xdc,0xe0,0x7ffbae5eab58,0x7ffbae5eab68,0x7ffbae5eab78
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1832,i,11688971100767301352,9646380542995247119,131072 /prefetch:2
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1832,i,11688971100767301352,9646380542995247119,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1832,i,11688971100767301352,9646380542995247119,131072 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1832,i,11688971100767301352,9646380542995247119,131072 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1832,i,11688971100767301352,9646380542995247119,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4020 --field-trial-handle=1832,i,11688971100767301352,9646380542995247119,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4364 --field-trial-handle=1832,i,11688971100767301352,9646380542995247119,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3028 --field-trial-handle=1832,i,11688971100767301352,9646380542995247119,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3784 --field-trial-handle=1832,i,11688971100767301352,9646380542995247119,131072 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4684 --field-trial-handle=1832,i,11688971100767301352,9646380542995247119,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4748 --field-trial-handle=1832,i,11688971100767301352,9646380542995247119,131072 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4212 --field-trial-handle=1832,i,11688971100767301352,9646380542995247119,131072 /prefetch:1
  2⤵
  PID:1932

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4988

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x0000000000000490
1⤵
PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
b07a4dd7012641887a1b00d5db178603

SHA1
6ff3374b4d3dd05336b5d0bc8a3d74f3ef971865

SHA256
1a8f260a735910bc0abbb9211f487557634311f24dc310d2fe2e22879238b00e

SHA512
48cae3fe7fda03597e1e517111c9faf3713c5b6c8992b5fb3fded1136e1e0ec5fc9e0cf0e95dc0acc83fb6078b943e675b5a420dae0ff898116c07d57f7cd403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2355f656b9ed8c49b7633709d9f4ab8a

SHA1
4480664dddb0d1d77b83c7145768bbe9830394a0

SHA256
e43aee79b5ecba20125dc966454bb3ae8b1dc9349d12cef8a4156f8090b33957

SHA512
b7a9b626d802166c76302110c9dc2518e0c0876c6d3295a0a02cb527b1eca590908208580ef5ffea4ca38ba16cb36a25a7a896ba19cb2237dac5761b6b6caed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6cfb77366e97597139a3a18c0fb3f62a

SHA1
dd2cb7e9ac466c29bc24dc8a806bbe048a681c65

SHA256
99642b1ed65f7f95b0f9663ead3d622248b218060846e6cc457f3d97d1b64590

SHA512
641445ea4ca395425a1a4ee64adcb010b854cc08d00618857a93769c01ec3b19ddd9aa2037b49279a06f55496bb1c1c2a51304c0ec6fe99fc80b7947d091620d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
89a3338de9e58d3ffb4cc20ad5f43760

SHA1
97767712db2f363c7c81d57e93d446dd353e1cde

SHA256
9ae958d388d3c98464e6d5c82a8eff84ac462705b357a287f7aa498dd6a40a10

SHA512
ecb464bba2115e9a489a21ccfd2b362bf0e4fc702fba52c6e17de4624d5f4aadd6c03832c3c119ee7d74a7fcc64796e0cad52de48ba54aa93167f7899a0a0159

Download Submit