4e19c51413928aa8172dde82c5a8b10f2e9e2cbbbb6536dd9b142de3509c9461

Resubmissions

20/05/2024, 20:16

240520-y145cafe28 1

20/05/2024, 20:14

240520-yz6lsafd66 4

20/05/2024, 20:00

240520-yq2w8seh38 1

Analysis

max time kernel
40s
max time network
40s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
20/05/2024, 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PO, QU VT.html
Size

709B
MD5

5e1654ff0c06711666b4e55ccc214576
SHA1

4eaf9603cb5fe445905d7c359474e19d872a930b
SHA256

4e19c51413928aa8172dde82c5a8b10f2e9e2cbbbb6536dd9b142de3509c9461
SHA512

29c893b08260b261adb1130137b3c28d50a11b2a2223b4c8770d0746979293079259ce0faa6f306f5d59d20728f7265c5394561de536fcae5d89a461d6fdb406

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607097796390134"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 2236	1284	chrome.exe	77
PID 1284 wrote to memory of 2236	1284	chrome.exe	77
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 4868	1284	chrome.exe	78
PID 1284 wrote to memory of 1376	1284	chrome.exe	79
PID 1284 wrote to memory of 1376	1284	chrome.exe	79
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80
PID 1284 wrote to memory of 996	1284	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\PO, QU VT.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffea808ab58,0x7ffea808ab68,0x7ffea808ab78
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1832,i,3099464524797328949,3916671600004602469,131072 /prefetch:2
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1832,i,3099464524797328949,3916671600004602469,131072 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2112 --field-trial-handle=1832,i,3099464524797328949,3916671600004602469,131072 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1832,i,3099464524797328949,3916671600004602469,131072 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1832,i,3099464524797328949,3916671600004602469,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 --field-trial-handle=1832,i,3099464524797328949,3916671600004602469,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1832,i,3099464524797328949,3916671600004602469,131072 /prefetch:8
  2⤵
  PID:3900

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b09f8d41da2fc1b83fd65327ce096ec3

SHA1
8d0ce8b492de4ca0acf113907776f8c26b1cfd26

SHA256
8bad5647d093f9b5cac5712dbdb857157c66071cbd326576c53f6a38954fda26

SHA512
eef5f7a0fac5e9ef82343ba342b5921a5f4a80ab83c236658b8e4bcf6e7bfeb8e86a95c04e935040e2ea6b49f62f3bda4bf5bb99d6f432858d01ff7b134dd7d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e52092e2-48b7-4bb4-acb6-bae4f42332e4.tmp

Filesize
524B

MD5
88fcdcd8301c0e3cff7d0b02924feb1e

SHA1
bbd69887bc20896a1a66d16609dae644bb0528c5

SHA256
3a199f1644e87b5fb4b9b12d83dad3ca13cd3833828ac32ac26f9d0d51015618

SHA512
9404117f423fb838c4a25f8518aa6ca85193f5b8754c7d7e0d6cdd5d775176df3567388936a95182a385a8d6d70216f9d92157945e45c0568e313db161210105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
48edd1c1d45aeeaa4eef5c3b3d467cbf

SHA1
bf99035ab27651f78ab3ba484905840e196a100e

SHA256
9841e2438118b48bf0feb490fd6c637b96004dbcf1039c56379044cb513fc50c

SHA512
77ca4816725b74c8df629476b8f703173f8fdf721819efb970e14281db3d5c00d5c9f65853e00fe980886d722b8d21c06acd0128c6ae05c407593cd612f3b886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
54be2275908b31f18e57c0170c7e58bd

SHA1
9d6734cc08c4d737e7b81504dc364cf8409139b4

SHA256
83694f7edf4768be5ba32e918e35cc72ab2761d8a34e2664649d5dce3ee985db

SHA512
73c76bb608a703f9f7582b938f80d5a16e4e4ac75eb495cce41fe566c2e69c4a0799b6f6348c97656ffa426ef8c7a3ac0ef81fc9e335acd30808dc58f85fc37d

Download Submit