4e19c51413928aa8172dde82c5a8b10f2e9e2cbbbb6536dd9b142de3509c9461

Resubmissions

20/05/2024, 20:16

240520-y145cafe28 1

20/05/2024, 20:14

240520-yz6lsafd66 4

20/05/2024, 20:00

240520-yq2w8seh38 1

Analysis

max time kernel
69s
max time network
70s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
20/05/2024, 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PO, QU VT.html
Size

709B
MD5

5e1654ff0c06711666b4e55ccc214576
SHA1

4eaf9603cb5fe445905d7c359474e19d872a930b
SHA256

4e19c51413928aa8172dde82c5a8b10f2e9e2cbbbb6536dd9b142de3509c9461
SHA512

29c893b08260b261adb1130137b3c28d50a11b2a2223b4c8770d0746979293079259ce0faa6f306f5d59d20728f7265c5394561de536fcae5d89a461d6fdb406

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607096788368071"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 3724	4240	chrome.exe	78
PID 4240 wrote to memory of 3724	4240	chrome.exe	78
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2200	4240	chrome.exe	79
PID 4240 wrote to memory of 2952	4240	chrome.exe	80
PID 4240 wrote to memory of 2952	4240	chrome.exe	80
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81
PID 4240 wrote to memory of 4520	4240	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\PO, QU VT.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffddd2ecc40,0x7ffddd2ecc4c,0x7ffddd2ecc58
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,6651630407676615583,3576274426360494771,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1972,i,6651630407676615583,3576274426360494771,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1212 /prefetch:3
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,6651630407676615583,3576274426360494771,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,6651630407676615583,3576274426360494771,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,6651630407676615583,3576274426360494771,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4276,i,6651630407676615583,3576274426360494771,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:1528

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4107c020767968ed77def1e510b21dcc

SHA1
033ff47204de93e6f314029d692e18b286676088

SHA256
b464367dcbee96c785fa61ff88960dd2a021cdb8faeed07db13867339c625a60

SHA512
833414218efa73fcde3d194b6f57fd40c7187d056144a67fef577d4126aece11ee04060e7291b9e67f10902c41931a4235a13e571ac60d9ba39c16d5295bb190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
493b6d70bed67b653a04b658aa49f10d

SHA1
23e2d264bc19425c47416c18fbbf50969d0402f5

SHA256
dd0e647779bbe371d50f32220d3ac098b2f1b2c85fffcc5cbf191bdae379be80

SHA512
f29b225b3ecf7bfe41521e152dfcc71030032cc6a0915793a6568e5907012c8bfeb502f77e6fc2e173d122f0a3c84db38692e84a84f5f0c45790c60a415f4889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
c28dccb457cb175045f204698f1bf2e8

SHA1
1b17efbe531d8f6b44cb5e7640af72854a4ea1dc

SHA256
fe95425bb9f32f5af9c0a6fbf920ae2ed81bf882108f598f49aab23ec2095bc4

SHA512
f5386e8fb436b58913c691b35e8f28fa407d367aa271f1c339eb670b1fa502ed3106b0e5dca879f7abf2196c3311ba32e33f7fdbd1280387955b97a2c7590ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b094fa2cdc3763a88451411e6ca1b7d7

SHA1
952c3e6b0f7e5882e9bed2459d89e88692956e3b

SHA256
2532a564c034aad3d4e2689492158c600759afe61b999f6ab23171c9d37d6f74

SHA512
00b6431017b609e0e9b595c67aefe94a82ac4381953cd1047a2983073122d7e0de47a3fef9d6c693c968c11513984e1ba4a3acef004c771f9b5b0a2eaa9769a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3a8944c83c9b3fea3bdd29e03ac0a43b

SHA1
90f7446d0d1b77b9e4707c3e859e6205c4485a9c

SHA256
59d55125e386f6e765a6cf08cb4bcc9717470a4410a5086baa942628acd8f20a

SHA512
492fecad24c0ee8af8bd5edaceb1c427d8e586a0217ec483625cc232a83142274bec27ef9a65e0996cb9ddc6159221f2f95ea41a3cd0507e9586395f7c90ed6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5df57fde2382b59945410a3d3d41f33e

SHA1
31c82ffa0e0446d68928ce74ac51399b5917ee0f

SHA256
62e8e838dd8d87a03b3688cebbcc95c708793535f7d01d00cdafadaff14e1ac2

SHA512
d6dce14083219aa670d4bd496bc756892f4d750b4424f5ab161bc0b944039f5b363bdf4197c9e28c60eee5c69edd3421e81484b16f5a185e8f687d7c3bc4d869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73779d7d39602bed2c85cd8a44a00c13

SHA1
10c1ad33d58683365da501458e98c07540d300a7

SHA256
9ada05a9045a6e63a52c81966bff7e01b4bc4fb7ac72d65f5412e737795c3e05

SHA512
36a2454f577888fe25984c6f2d67528eb3f827b9196dd3b6a44a09f35ff61ad017983532396d05f2bb399ce2705606b173e5482931d7367de69827c689412a02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
65c7db83683d0cd89aa23d21980753a6

SHA1
3e487e3179175b5ad0187362a4259f31c9bf5288

SHA256
f4501fe9f9a1c3d189851d7ad5e24a05579b649ba1072d8a87c2902070bea62b

SHA512
8f3d891322401f10b41ee306492ccc665c3ce471a5995a813c9dff2573edb6e6620a5aebdac5a7334e374bcfad03309af0ef944727367684687a0a8d93073ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
ca83d8b3ec7b55cbb2e533053673dafa

SHA1
4ff118124e976da574213bdeb7e10a8e7f3d7904

SHA256
934ff56c93785adda873328c7a310a9aa760ee5957788fef4b1eee625e485e68

SHA512
5c3b592c91d40999b6404bc98a623e0e85c2a81eed6126faa01f26bc25796c791456ff99b5140eee328f85f2f47d0efd37b311cc950d6d150f8505ee64792175

Download Submit