Analysis
- max time kernel: 50s
- max time network: 49s
- platform: windows11-21h2_x64
- resource: win11-20240508-en
- resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 15/05/2024, 14:00
- Static task: static1
- Behavioral task: behavioral1
- Sample: identifier.html
- Resource: win11-20240508-en
General
- Target: identifier.html
- Size: 165KB
- MD5: b249f3ceab0fddecbe0ff197a1532b3a
- SHA1: 2d15be8a7d6a78e872ab2bef60c0f8bee16d23b0
- SHA256: 605f2763880391b43719957efd2687bcf790fda37a2c014d812e6c43448045b2
- SHA512: f1ddb8b8f8104461f9921265e77937f9bb6f3aec989ab5c4dd591fda94bfb3e76fafb6a0a08ae6ea2780656867bd3d21062baa8be1b1a84ee208961f23c32dda
- SSDEEP: 3072:2y/RQQy4SIDfb09vIK9rGrdornuOOEsHr3:P/Z/J5KtGJobAEsHj
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133602552560215959" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  4516 | chrome.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid | Process
  4516 | chrome.exe (3 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 4516 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4516 | chrome.exe
  (the two rows alternate throughout the 64 entries)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  4516 | chrome.exe (26 entries)
- Suspicious use of SendNotifyMessage (12 IoCs)
  pid | Process
  4516 | chrome.exe (12 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4516 wrote to memory of 4732 | 4516 | chrome.exe | 79
  PID 4516 wrote to memory of 2516 | 4516 | chrome.exe | 81
  PID 4516 wrote to memory of 2764 | 4516 | chrome.exe | 82
  PID 4516 wrote to memory of 1016 | 4516 | chrome.exe | 83
  (each row is repeated in the original log; 64 entries in total, all from pid 4516)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4516)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\identifier.html
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4732)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a35eab58,0x7ff9a35eab68,0x7ff9a35eab78
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2516)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2764)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1016)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4476)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2380)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1972)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4092 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3760)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2376)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4000)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4908)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1264)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 2344)
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads