04e4b15e1635ce72c9834dec05c74983a957789f796a1fc3f4540e14e1fdb249

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
14/05/2024, 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5695_hmrgbducixw.exe
Size

29.0MB
MD5

954ba10090f3707f7914e9fbf6e4b406
SHA1

3d9b91d0a783a29898fc84d27ff5bd5d41edd913
SHA256

04e4b15e1635ce72c9834dec05c74983a957789f796a1fc3f4540e14e1fdb249
SHA512

a6058f2bd9b2a47d18f6659bc1ccf638b1b5e714ffcabf7e1d918f7c81bdd70b90abbefb0189c712b373685a8d259db468bb0008970113afa6636443e98f49eb
SSDEEP

786432:0rQ7GWkoU6hcc8RVc5vrHLKJSbDfsUmd+J23bz:087q6x8Ri5vLL6Umw2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601907161718621"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2344	chrome.exe
2344	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 1456	2344	chrome.exe	87
PID 2344 wrote to memory of 1456	2344	chrome.exe	87
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 908	2344	chrome.exe	88
PID 2344 wrote to memory of 2312	2344	chrome.exe	89
PID 2344 wrote to memory of 2312	2344	chrome.exe	89
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90
PID 2344 wrote to memory of 432	2344	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\5695_hmrgbducixw.exe
"C:\Users\Admin\AppData\Local\Temp\5695_hmrgbducixw.exe"
1⤵
PID:3628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8ae30ab58,0x7ff8ae30ab68,0x7ff8ae30ab78
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=584 --field-trial-handle=1740,i,13411021174285534232,14729603394751885575,131072 /prefetch:2
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1740,i,13411021174285534232,14729603394751885575,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1740,i,13411021174285534232,14729603394751885575,131072 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1740,i,13411021174285534232,14729603394751885575,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1740,i,13411021174285534232,14729603394751885575,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4272 --field-trial-handle=1740,i,13411021174285534232,14729603394751885575,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1740,i,13411021174285534232,14729603394751885575,131072 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=1740,i,13411021174285534232,14729603394751885575,131072 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1740,i,13411021174285534232,14729603394751885575,131072 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1740,i,13411021174285534232,14729603394751885575,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1740,i,13411021174285534232,14729603394751885575,131072 /prefetch:8
  2⤵
  PID:1976

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4ab21ceeed89e59630946b62a9adcf72

SHA1
7085471bba5ed30bcf9813726d3a1e0ba3aaec9f

SHA256
8413f437ea4d661757b6dfc6596a99cb622a8203c04a3a13458e52a0336eecba

SHA512
97f5f9b8e26f6e5a1c311711dd6362bef86181636971c6123793dafaa498888ccf6240f67cd4916844bc639592a1d1878d91cb5ce9122e2a0ab8fcca42fe7b86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7db7097c17781f5f817172eac9015fa9

SHA1
e6b858ab7d9135c7261a228297f1ccd38dbd597c

SHA256
007f0aa403b67140166079f5fa04f32381b01f7c48e0d64540e18c5519c4a8f4

SHA512
06b2c38a15dda5cb878e03c6084eed03e1cb869c29aceb9c080dee6a8fa3fb137dd8669bac7ef22e0c64224822fe1a3961ca66c994631f4f7d7fab0386b3364e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
7dd7f25c2f7adf238217075755fd41e1

SHA1
5bcf984ac734390b1c39fda596d176d7e8edecc3

SHA256
8325aad7072d496012b53be40393b98d1d14e8787d71185d4b73516a4dbc72ce

SHA512
e28a0b95e7ea44faf742b63b52f206c8904af7f2aff7f6ae04bd13124a01b63ecd2951c89ef0ae415de34a4a9463e87ee93519b426ad1ccd31f1ab94f96e1d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
57b3b094ffcfae3fddc5422eb530aaef

SHA1
8065df99f2476ce19bff0fa62d46ac11a8537b81

SHA256
8db9a0381679a3d8213e9a87e6758b29cc615e7c5f3d5251138ce65d51e10bba

SHA512
e658618950c5a8f4dad113763952bb07e73173be683b3a4638b92b8bd31104064f8a6cb6b091a97274909c250c9d054aff5659927eff2fe6ccb8f17b062e6e10

Download Submit