Analysis

  • max time kernel
    50s
  • max time network
    49s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    15/05/2024, 14:00

General

  • Target

    identifier.html

  • Size

    165KB

  • MD5

    b249f3ceab0fddecbe0ff197a1532b3a

  • SHA1

    2d15be8a7d6a78e872ab2bef60c0f8bee16d23b0

  • SHA256

    605f2763880391b43719957efd2687bcf790fda37a2c014d812e6c43448045b2

  • SHA512

    f1ddb8b8f8104461f9921265e77937f9bb6f3aec989ab5c4dd591fda94bfb3e76fafb6a0a08ae6ea2780656867bd3d21062baa8be1b1a84ee208961f23c32dda

  • SSDEEP

    3072:2y/RQQy4SIDfb09vIK9rGrdornuOOEsHr3:P/Z/J5KtGJobAEsHj

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\identifier.html
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4516
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a35eab58,0x7ff9a35eab68,0x7ff9a35eab78
      2⤵
      PID:4732
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:2
      2⤵
      PID:2516
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:8
      2⤵
      PID:2764
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:8
      2⤵
      PID:1016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:1
      2⤵
      PID:4476
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:1
      2⤵
      PID:2380
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4092 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:1
      2⤵
      PID:1972
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:8
      2⤵
      PID:3760
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:8
      2⤵
      PID:2376
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:8
      2⤵
      PID:4000
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:8
      2⤵
      PID:4908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1852,i,13113735941038466154,11961994597055508189,131072 /prefetch:8
      2⤵
      PID:1264
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:2344

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize
    2B
    MD5
    d751713988987e9331980363e24189ce
    SHA1
    97d170e1550eee4afc0af065b78cda302a97674c
    SHA256
    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512
    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize
    356B
    MD5
    a094997e8b930defa17766294cd3fce6
    SHA1
    768da347f91677b8c0ab21c558a77555f1490f9d
    SHA256
    14bbda017bc58f85685278d27594e3b1363a03b31e4f90947015a1236160e4bc
    SHA512
    d2a314c01ccee3d41fcc14d9fa392c32f39ff5f31726b6ea6a06dc71a81466c122abb9e09feffdced8610fef1fb4b94b698c7da7810d7f094d8d223b6fff6b54

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    6KB
    MD5
    c058e7b580091adc44cd31a953ac93f9
    SHA1
    343d9d9b2e06d9e299e52b97e9c1a5dbb13df544
    SHA256
    fbf912d7ec29df19d9cb7d679c20d9a833fb1906c5cc85c3d380c572e737303c
    SHA512
    e34be3965d65e59a3d8a447d27d969bd466f1a987bfd20f6626842962d96a782ae113431b93c78a4956a4831bf73012fdebf60d49f2298024efbc1425028610d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize
    131KB
    MD5
    2cb66091151f616d9a90cefd363edbe2
    SHA1
    10669a7a28048ca3d6cf5c78cb592f27462f6cad
    SHA256
    eccc29881686d6a203b58dfbf2518380c5ec91f9e5084b9df4f78cbdf54b2c27
    SHA512
    9478daa9355cadea9b2815fec7dd8be3b2bf712af3429741a79588179792e65c0bdbacd0ca91e98951147562c47c105bf652759b6c9e2b7581090f9e911ac814

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize
    132KB
    MD5
    ca371c4c995302fa6761aa9a5149e499
    SHA1
    732f15f35a72a6a831334f797e8dbf27ce502143
    SHA256
    278d8e8da1dbb2f80bc4f5ba472e4c5d166ea42bae18aa3078465f3fe1ed4cc4
    SHA512
    d3e6cdfb87cf4c5491a09fe3e93d03cabf126db06ac20a929710b2ccdcd8a6f84b8a2973529e1db7d80814f7d1b511a9078561e1dcd95e02051fc8a9e9fc9a1d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize
    86KB
    MD5
    24a2d054788cd24b95d6d517173f8656
    SHA1
    7ad6b5cfeb23e216bdcfc1067dcd6215214cd430
    SHA256
    ee6a6e805955109245772fa048f891572476b5990601c36cccec14f9197cfe7c
    SHA512
    175ab5e2425244854da53ed83ae622b8f17bd181c96ae2a6726793382135904a9630807e3bb2aabb8958d764533ab5eda81080c2816ca712be1d4efee3bd2058

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e975.TMP
    Filesize
    83KB
    MD5
    ec449f6fd49af5eb7d6ed37e1a60f6e8
    SHA1
    72211897fcebf4e84e491305c713d2187e37ec5b
    SHA256
    f7b7085db73e4c2900798cade547d0ec063859b72bf1717ceac5c9e9306c1d45
    SHA512
    ca2e0c9af9b57d200d09ee1631334d1c615ab67fe5602d57ff0fdaeb163ec6bf150c24c3a45e53421780a0f001569b7e205125703b8d4acc69599d04f69d99e9