d0fa42f7e75b65a78caa618e670952baf2c7303781687187271aad29e56bcba4

Analysis

max time kernel
71s
max time network
192s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

view.html
Size

83KB
MD5

eabea33d7996a6e1fd77ea6baf1ee730
SHA1

6e91f15094ee3b8b86ea30a76e1b7de01e5011b1
SHA256

d0fa42f7e75b65a78caa618e670952baf2c7303781687187271aad29e56bcba4
SHA512

dd91f7e0b847dcfd37c88bc0869df5831169b036ddd631ab113bce7c4d711fb988a9105d78ead70b3023e63bfbc7667e1aab610c21b809a648e2eec4534e9375
SSDEEP

1536:9SL4TVs8swexij2BktQFKFwCzOe1Wh+1pE:Q5Ajrt8gOb

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
10	drive.google.com
12	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2472	2408	chrome.exe	28
PID 2408 wrote to memory of 2472	2408	chrome.exe	28
PID 2408 wrote to memory of 2472	2408	chrome.exe	28
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2564	2408	chrome.exe	30
PID 2408 wrote to memory of 2672	2408	chrome.exe	31
PID 2408 wrote to memory of 2672	2408	chrome.exe	31
PID 2408 wrote to memory of 2672	2408	chrome.exe	31
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32
PID 2408 wrote to memory of 2796	2408	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\view.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7129758,0x7fef7129768,0x7fef7129778
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1292,i,11389455352558539193,15111360262335688713,131072 /prefetch:2
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1292,i,11389455352558539193,15111360262335688713,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1292,i,11389455352558539193,15111360262335688713,131072 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2108 --field-trial-handle=1292,i,11389455352558539193,15111360262335688713,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2116 --field-trial-handle=1292,i,11389455352558539193,15111360262335688713,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2808 --field-trial-handle=1292,i,11389455352558539193,15111360262335688713,131072 /prefetch:2
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3176 --field-trial-handle=1292,i,11389455352558539193,15111360262335688713,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3432 --field-trial-handle=1292,i,11389455352558539193,15111360262335688713,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3776 --field-trial-handle=1292,i,11389455352558539193,15111360262335688713,131072 /prefetch:8
  2⤵
  PID:1156

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5588eb5e6730e9d010d369c3a4c92fa9

SHA1
d01eca3e0ba86fb04879f4082d18ebae0d6d1b3f

SHA256
bf0d585fad7cb18596742855f5c104778c7e0985c3d1025228d57d2179b53b76

SHA512
c3ed2ade2216c3214700fbe0fa84d7521ec22648c75ea69061617657a7692725e109da44f65595d7fd7265df14780187253dffb25ea42e0d4a80b63179e67810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f276dd484ddd6bf54b706c7e6e1b2da9

SHA1
261cf1b37b837537318cf7c9b06ad3cf25ff7de3

SHA256
44cf81cc1d4e4ba18a9900967a0aa5a4f78da1252fc8ff922f61133dfced56c7

SHA512
d98c02f891aaa4fa01412c4353a52f29a9dcba32eab333e3208e5a06db05f6fc68d40a477e1bd6e80866a61ba929f8aa35841d4b6a292db652420c5eec54ba41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a6b6bce540106e2c4ee9ba27723fd5ba

SHA1
831d898e6db9f9ff8cdf3a46814f2a7892290725

SHA256
ca0ef35754d1c2ebdb7a716496e33b009a3d2c5b8ea8ed21d996d4c03d62d7c9

SHA512
548294e6e15b521807f9a53dd0fafa1c2028b3f9e92826aace613b646e3da00c98ad33f71162ef8a416c9a856e1019f8a49523c4d07e941381bee21b8ad558f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fc89ef6c131aec76a1a691b682c4b685

SHA1
ec8ded2c837408f772f66ccef6adba63cca18d1c

SHA256
611eead142ade1611d5853f026d665d552bf252e12f7e7ff9cd3db2254af771e

SHA512
31a3a068424a0febe5650ec4e493fe344c125b39f2977dca4447e821ce069246aa4bccf6c4ce794ad81c897d05acb546faf4e33164712bd6ac90047344354823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit