ae589568b7d6489db770ee847606b046944fe384884234d0b86752cbda753ab6

Analysis

max time kernel
33s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

160KB
MD5

adf50fe28533fbc3307c48660eb10078
SHA1

1d40e430c3336879aee536e4e88f8eaef6ca0f3c
SHA256

ae589568b7d6489db770ee847606b046944fe384884234d0b86752cbda753ab6
SHA512

73301098f100ffa5f49114cfac4dca8d22f24b6d89ded1f3a75186e541cc4f80529f0774a449b61429da1201f568c38ee1691a7afe6e854db378355ea05a613a
SSDEEP

1536:P8QR6LhcBgqojBvVeYl8iz4GZgmKzh2nKvE7A444Hie5ex/CctZWXsX6DUZCbCdJ:EaWUHxYhFuYoww3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133606982150530774"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1608	chrome.exe
1608	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe
Token: SeShutdownPrivilege	1608	chrome.exe
Token: SeCreatePagefilePrivilege	1608	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe
1608	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 644	1608	chrome.exe	82
PID 1608 wrote to memory of 644	1608	chrome.exe	82
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 1896	1608	chrome.exe	84
PID 1608 wrote to memory of 2604	1608	chrome.exe	85
PID 1608 wrote to memory of 2604	1608	chrome.exe	85
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86
PID 1608 wrote to memory of 4512	1608	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceff1ab58,0x7ffceff1ab68,0x7ffceff1ab78
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=2080,i,10327143201392363282,9595207711853915157,131072 /prefetch:2
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=2080,i,10327143201392363282,9595207711853915157,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=2080,i,10327143201392363282,9595207711853915157,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=2080,i,10327143201392363282,9595207711853915157,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=2080,i,10327143201392363282,9595207711853915157,131072 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=2080,i,10327143201392363282,9595207711853915157,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=2080,i,10327143201392363282,9595207711853915157,131072 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4648 --field-trial-handle=2080,i,10327143201392363282,9595207711853915157,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4152 --field-trial-handle=2080,i,10327143201392363282,9595207711853915157,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3040 --field-trial-handle=2080,i,10327143201392363282,9595207711853915157,131072 /prefetch:1
  2⤵
  PID:3560

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
35KB

MD5
d383c696fd7e49dc3e925bad3728f020

SHA1
48b140a03877a6019e00dc78e236f75ccd9b88dc

SHA256
06fbe85c16fbe11c814747933dd2b4dae065dd2463ca24067a1d7300ef5faa26

SHA512
6eb43ab1d7017ea11693cde2880dee78fa3d242c09f52bcd20d1158908a117df3574eb2298dc9789109009c4062b4ba8029d97d25d29a401dac5eb6562a35882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1018B

MD5
6b5f55cf3f7042ca086e2280a421d379

SHA1
0887cca3c86914fe73b1e3c25cadf092a8ad7833

SHA256
da3aff64ee07b2e3a0cc858e4950c720438547ec8129550245f85e8c264db1e2

SHA512
2b54b4c09706c03c789b6e89cb1e69106618fa093d3577e9176641d459b5557ef84d24de4bf5c9b23026f10942c72b3e4adbc779fd81f89f8fd9ce302d6e5160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1018B

MD5
f24824ab72e2b762d452925dacfb0dea

SHA1
f24a4e7c8a62b96a49c4ee3596a40c3c5049ef58

SHA256
7283bff62313fbed23212a1ed88c5bd9af21541a67d4eccc9ed3e22a03b70fd1

SHA512
168ffd00d72893a444a964afc82c3167dec42759aeb9f3a385a7bf551dbef6eb9730dbad7b6146c2fda251a092862a535baafffee2ffa17d9fc87c733e788665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5f205883601259ee9fb073ee264796a1

SHA1
0477cb9a4b62093ac4bb64e98378e005aa26e9b6

SHA256
50ad50226020650afd19b836beccc947b6ef75f423273f08d917b3a4c6d23875

SHA512
6e481be60a2070aa8a5901756dd20e754776c649e03932c73004928ba2562e392886479d68b0df663658bc6712ba2252a3a3b620bb83ff91be4bb88b10ee9ebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
0fdbacb8cb95415b4442835c0503e153

SHA1
1630cb365646691bfe636ecae916e03f928a2501

SHA256
82c0043c18d80f6f827d56961e1be230f533a644a2d2926fa36f94d275690b2b

SHA512
303be3ce80f6ce429dc04adb5cee6ab0e66337d2cbc4521dd68daedf8d19e3597b093207fe040c34bd7e0e8bec4684d5c655eb9a910ce43d0fcf7cec64c900da

Download Submit