Analysis
max time kernel: 299s
max time network: 288s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 00:06
Static task: static1
Behavioral task: behavioral1
  Sample: file.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: file.html
  Resource: win10v2004-20240508-en
General
Target: file.html
Size: 176KB
MD5: b953eba523e77f6e19ec7a66e5babbad
SHA1: 82dbe8304fa22decf94b5a96e5a19697fcbf57ec
SHA256: 40a7b25cbc35c77604ac44d96e3cded8b29f3b5dd25c093550ae0629c7019ab1
SHA512: f4be970955f40caebb4c57612ba3ed3b1d6b921ad1561189483ae8072b375868b2e25bc9189e802e28f42be360b3979d322f79e6a80dcff87a3073fdb7897652
SSDEEP: 1536:UijCa50ZoTgAJuHnjde83Ml83Mn1CyKBKyf6C9XS6zmFMtMd5/an/xlCv1aszFek:UiLgAkHnjPIQ6KSEX/+HuI4MU4
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                   Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608100963780881"  chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
1364  chrome.exe
1364  chrome.exe
3756  chrome.exe
3756  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid   Process
1364  chrome.exe
1364  chrome.exe
1364  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        1364  chrome.exe
Token: SeCreatePagefilePrivilege  1364  chrome.exe
(the 64 entries alternate between these two rows, all from pid 1364 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
1364  chrome.exe
(all 26 entries are this same row)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
1364  chrome.exe
(all 24 entries are this same row)
Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 1364 wrote to memory of 3032  1364  chrome.exe  84
PID 1364 wrote to memory of 4100  1364  chrome.exe  85
PID 1364 wrote to memory of 2416  1364  chrome.exe  86
PID 1364 wrote to memory of 552   1364  chrome.exe  87
(the 64 entries repeat these four rows; the distinct target processes are listed once each)
Processes

[1] C:\Program Files\Google\Chrome\Application\chrome.exe (PID:1364)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID:3032)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f40eab58,0x7ff8f40eab68,0x7ff8f40eab78

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4100)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:2

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID:2416)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:8

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID:552)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:8

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4940)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:1

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID:1692)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:1

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID:4460)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1836 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:1

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID:916)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:8

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID:1740)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:8

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID:3756)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2488 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:2
        - Suspicious behavior: EnumeratesProcesses

[1] C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID:1636)
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads