32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

General

Target

.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133600875923056848"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

888 chrome.exe
888 chrome.exe
2872 chrome.exe
2872 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

888 chrome.exe
888 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 888 wrote to memory of 3688	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3688	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4192	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4308	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 4308	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe
PID 888 wrote to memory of 3948	888	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4f7fab58,0x7ffc4f7fab68,0x7ffc4f7fab78
2⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1848,i,3122024200756519052,4981373398526925106,131072 /prefetch:2
2⤵
PID:4192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1848,i,3122024200756519052,4981373398526925106,131072 /prefetch:8
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1848,i,3122024200756519052,4981373398526925106,131072 /prefetch:8
2⤵
PID:3948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1848,i,3122024200756519052,4981373398526925106,131072 /prefetch:1
2⤵
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1848,i,3122024200756519052,4981373398526925106,131072 /prefetch:1
2⤵
PID:4044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 --field-trial-handle=1848,i,3122024200756519052,4981373398526925106,131072 /prefetch:8
2⤵
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1848,i,3122024200756519052,4981373398526925106,131072 /prefetch:8
2⤵
PID:4040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1848,i,3122024200756519052,4981373398526925106,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2872

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=2700,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=3688 /prefetch:8
1⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4776,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=3880 /prefetch:8
1⤵
PID:3412

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
cfc89bc9b7235edcea9e6de629b76238

SHA1
7f724c6ea1c684e38d00accc9ac44d3e870f6606

SHA256
b8f56d0f75a28ccff8b42c2eb1f964620192af91738cd9ff47e8ffd7541cc9bd

SHA512
f5bfc0edc38c395f6f76a7a7b4314d76c13dab606f320fdbd45abb2ab42c4e50186e97500d19d09e13a431ed28b90065fbb82d147f6cce39656c11ea58145ce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
5e1a67a6334fec87f1ca0f5811507616

SHA1
f62555b783bb090e21e7894986483e4c059843d5

SHA256
356625572b9fd8af52d02e9b4fc5957443085b14156d5dfd8e866a9c3552c14f

SHA512
be8fc2f5e5b27cbbc7cb6bcffdd21f4424a54fe94afcd69a2c89a09ca0c4abe42c88b60fc00dc0a773c940b7dc64097c9fe24c3172b47286e8e900005fec6c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
9d63e9e16197b34a45a95e9ff0c930e6

SHA1
a56d30eda59142daa6f3f07a5bed150b5d5f9268

SHA256
2b7c0544e055d32d69cd8f077036dbf01f19b76bd6423018d14d7fa4ca69be4a

SHA512
334efb6e6ec04aee0806f208fbf1ce3bf0fffbb28b0c40c0d9dc048f4ec58a2302c20beb89080070bbf16f3bb341422905014d38aa33baab9bc00f596e800926

Download Submit
\??\pipe\crashpad_888_XBFDWYZLYNZVWXQJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads