hxxps://google[.]com

General

Target

https://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.

System Information Discovery
T1082

Command and Scripting Interpreter
T1059

Processes:

ipconfig.exe

pid process

4072 ipconfig.exe

pid	process
4072	ipconfig.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601244406838181"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4048 chrome.exe
4048 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

4048 chrome.exe
4048 chrome.exe
4048 chrome.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4048 wrote to memory of 4960	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 4960	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2116	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 1052	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 1052	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe
PID 4048 wrote to memory of 2556	4048	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0a69ab58,0x7fff0a69ab68,0x7fff0a69ab78
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1884,i,11599247363973848253,6574697756679088246,131072 /prefetch:2
2⤵
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1884,i,11599247363973848253,6574697756679088246,131072 /prefetch:8
2⤵
PID:1052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2164 --field-trial-handle=1884,i,11599247363973848253,6574697756679088246,131072 /prefetch:8
2⤵
PID:2556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1884,i,11599247363973848253,6574697756679088246,131072 /prefetch:1
2⤵
PID:1584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1884,i,11599247363973848253,6574697756679088246,131072 /prefetch:1
2⤵
PID:1128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4192 --field-trial-handle=1884,i,11599247363973848253,6574697756679088246,131072 /prefetch:1
2⤵
PID:4204

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2144

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:2896

C:\Windows\system32\ipconfig.exe
ipconfig
2⤵
- Gathers network information
PID:4072

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
ddf6cb5b142225d82597e4aa67f25671

SHA1
7ef6ef27ae27830930a94e44c42271030b7099b8

SHA256
9bf372c9ca2ce681fe8170f0091df8ccd331fee40f8db887ed95bd50be2b3d76

SHA512
8f9d2e3ce91f79963734d9a4265a0e175a4dbe583172e2b779f0a0d9ddea4076054bd6f267f9ebab33e1840f142d79aa982ef8020d0765990066ab8cf550f05d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
5fde5988bd64d49868a4c7bd4b8f5f17

SHA1
ed51076ee796e6b001a23052aa9a024cc0d6b306

SHA256
f92a3e6f96ab37b23a8c7f7eb68ed4ae5e0423d289af5e85a20efd9dd5a32a54

SHA512
765907979be5de3faa0d3c7979804b275c7254018604b7920ae7b719b864f44a5e8a33e5e0d7cd101cfec67ecdaef95e373ca302319afe253834f5043e2c5b18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
354B

MD5
2c6ef32ea78b3797ed5377ae70bb7373

SHA1
80c8bd176ecdcdfc732b1d4b48ecb99c24505146

SHA256
a0e6cae0adb916247cd2a5f67689b57bd8a5934bfcce58af1124a0f3e6d5a45e

SHA512
7327b6aaad9917ad9905b43b8f0799effb2fb4ee6e5f1d360817fcb6243fdfdb993b5a33648c1d334d08086d2e6281527a386a1c408e1ccff20d71946619744e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e420e680f4fd31d2a34a6ea9c502b345

SHA1
536541387b69d1c274a0c8ba685abfb0d9b0d1db

SHA256
864158ebcb5035c4aa0d37bf4ffb5ee0d100aa42bdc038bb9f794b5922bc5223

SHA512
ebb5b318dd225e520239df9a4ff9187c18cda9689b77aa05fd8db878b1f64b74d2c8e36167c2180232b1c901ab45c9037a3e92ee9af58a3f3ec59d8bc18b82ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
79e513bb99228caa4ae89b4f29479364

SHA1
9c67d18bee62cc36a2f880a2433d93c753668bf3

SHA256
ceb01e3554c3a0ce1e80516c9e87fc350ca1162cf82133aa745ca3d6a764bd70

SHA512
a09930c8c901e77d53a368b9efb258111ef7e8f8bd95eafd6f1d2875b8e7a3757bf7e284234a3981069f5e2d8da563c4d12dff5da200b164344b9e8a268904e7

Download Submit
\??\pipe\crashpad_4048_LLUFEXHXQWVFNLFI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads