hxxps://www[.]google[.]com/

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 07:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608358370640187"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4272	chrome.exe
4272	chrome.exe
5040	chrome.exe
5040	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 2352	4272	chrome.exe	83
PID 4272 wrote to memory of 2352	4272	chrome.exe	83
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 3376	4272	chrome.exe	84
PID 4272 wrote to memory of 2316	4272	chrome.exe	85
PID 4272 wrote to memory of 2316	4272	chrome.exe	85
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86
PID 4272 wrote to memory of 3680	4272	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffd6fe6ab58,0x7ffd6fe6ab68,0x7ffd6fe6ab78
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1968,i,2978626196026282411,14967021121604306635,131072 /prefetch:2
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1968,i,2978626196026282411,14967021121604306635,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1968,i,2978626196026282411,14967021121604306635,131072 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1968,i,2978626196026282411,14967021121604306635,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1968,i,2978626196026282411,14967021121604306635,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=1968,i,2978626196026282411,14967021121604306635,131072 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3272 --field-trial-handle=1968,i,2978626196026282411,14967021121604306635,131072 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1968,i,2978626196026282411,14967021121604306635,131072 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1968,i,2978626196026282411,14967021121604306635,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
902d54303931a028cbcf2214e71cff2b

SHA1
78e2f7d68601d19be196b749a487565fe68be2c2

SHA256
8b83853e7d079eb38d80d4cbdbeae32b109e188581a984436193a7ec5f1f90ec

SHA512
c92090bb6160b179736e7e547c39ecaa51b53130bc690f3b6e42d4941ed570c9ea368522e2f41bf750dfdb1ab03a813557ef851d954847626e1a732d06704866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3678225c898c24cd9a67e0f51d65be70

SHA1
63f7673e9a670274b829bf674bd5dccba7133c5f

SHA256
d9a90c28c70f7e37d4a5198b3d9a411af29c904e326016e885fc86abf668a174

SHA512
22931073c7c8946dd76af32ade732a1572dceb9b4ae4102878aebb0f232052921561928133df70ee72f274e42f3af37a1cbb5fab7f8716b9c148ce7528297ce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
35abe8d47e6d5771ff06241e6958c61e

SHA1
281a8d64fc8d5ca09873a198ff1b815ce3ce2d42

SHA256
643b7d70cce0e5b887ecd63fee53c9b807769cadb157fdc3b9dc50928c6ce0cd

SHA512
994ead062c68194de52722d6f51da286e44bb543fc4a4a5f0081334e81445c520eb9cc788cbe466e71c5872c3514738f80a46222325ed508b65b90dbc3690497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7d37e714f3ee59a100a94b74c79c3bab

SHA1
d5f597610a284d86f209cec66fe1012e6e150d1a

SHA256
573737fa5be0bd5431194ae0af50de1bac2532071f88c61860df8d3b067a17c0

SHA512
12843ff966bb48eeeac9cede4950eb57c4996b7028ddc69fa43bb0b8afb94e57ccd73df43ae8a2cb5e0395348c299b3188e4d9a9920c954e798b1844952edb10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
e1c22f9ee6486ba2dd2f3e7fb2721f66

SHA1
ed8cff3b2039054fdc2b72e08fa8ee8916d3d5ee

SHA256
15c70da1c66440ebbf2236885ec219e218ecf4535303a77ab5286a94ff664a7c

SHA512
c43c562084b57e4a664b40c983a2a236ef70ecd2c3341b37bc01762759b89a3bfae417179e34a263520862e8d6f2bc55039ad725914844c1dd819868153487d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
518ed4b9f8b6ea109b0f096aba4e4f02

SHA1
2722ec9101b2ee134f8c7b44490c860f90713099

SHA256
4371e81d3b4d9d750f3bda217a9c3f453e7aa8b7d646220c161a488cb48ad28b

SHA512
cdf0ed3ede3f3bfa30b922c164cc49c8b1d89fa1a169d092b12ccb71d72cab2f98d08a12a447451b48413431fae1530b69f649797ec6c15c8bbf20d826fef8d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
e366e641bb9970419cbda5b2ff38bafc

SHA1
671b64c3e3b039519b5111100d325fe029d265f0

SHA256
a75bf5b28f1bd834def3255d6404eb23bbe96420c51403a1f56df98b976fc8ab

SHA512
d6abe9223cf68d5514bb94a4c6beaa9070700a7cf89970545440fef77d04f1662a234f8bf00704c45c413087760fadffe930f5ff25a923b7273299612a1bebfc

Download Submit