be0a9bf894ee588dbbffb7b153c2275013df8829ea76b719131bc03f8d79cab8

Analysis

max time kernel
14s
max time network
56s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 19:37

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

watch.html
Size

939KB
MD5

dab0fac70e66e0db18c5117334a0272e
SHA1

2c8d32d848aae0bc7b31af690b0d368aa135b7d6
SHA256

be0a9bf894ee588dbbffb7b153c2275013df8829ea76b719131bc03f8d79cab8
SHA512

400c319f214bab961175db553642d4202f4d5eafdb727fbf4acd19b55e22ba6665e85822f536f03fb0583c307443849ce35def8c56b657a65a51a8a138294d0b
SSDEEP

12288:6PfqfEfnfKfHfBfJfOfgft9tyFEDBqLqr+lKcYrF06:6Y9uEDz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2420	chrome.exe
2420	chrome.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2436	2420	chrome.exe	28
PID 2420 wrote to memory of 2436	2420	chrome.exe	28
PID 2420 wrote to memory of 2436	2420	chrome.exe	28
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 2900	2420	chrome.exe	30
PID 2420 wrote to memory of 3068	2420	chrome.exe	31
PID 2420 wrote to memory of 3068	2420	chrome.exe	31
PID 2420 wrote to memory of 3068	2420	chrome.exe	31
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32
PID 2420 wrote to memory of 2832	2420	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\watch.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a59758,0x7fef6a59768,0x7fef6a59778
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1232,i,8844029079395339070,10684896506996966022,131072 /prefetch:2
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1232,i,8844029079395339070,10684896506996966022,131072 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1520 --field-trial-handle=1232,i,8844029079395339070,10684896506996966022,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2148 --field-trial-handle=1232,i,8844029079395339070,10684896506996966022,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2160 --field-trial-handle=1232,i,8844029079395339070,10684896506996966022,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1020 --field-trial-handle=1232,i,8844029079395339070,10684896506996966022,131072 /prefetch:2
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3224 --field-trial-handle=1232,i,8844029079395339070,10684896506996966022,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 --field-trial-handle=1232,i,8844029079395339070,10684896506996966022,131072 /prefetch:8
  2⤵
  PID:1596

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3000

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2016

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2252

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\file__0.indexeddb.leveldb\CURRENT~RFf762c9c.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
14a8a2a698e3058621afb31e1baf92ac

SHA1
d5da3acbddbde97e7c8de19d7fd0bcf230b20650

SHA256
033a8cc2d08cff2bd922d230c8b12ff3e0b7ce0da3acc57428f087cfa89f685e

SHA512
02b07304ddd0944b75e656838aa19e4dc9b19191fbfc372e8740c3d333588eb8999cbc4c1fa0366533269eed6d77b646cf749dd6c3d0fe226deaa3b406d6509b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\c44c239d-ac6f-475f-82a7-6b7538252433\index-dir\the-real-index

Filesize
48B

MD5
51878099e1409975c2041d70015adbb6

SHA1
8b7b764cd9ef6b1a6bb942799c2eb721e6c306c1

SHA256
d9cf462b7dee64010a1cdda5df96f07bdbbccb2519c5df7ef263790b22937302

SHA512
6b46f99f4cdd08e0b6a14f7ed96774d6473fd4b8f6565d6d98417a75a0dd655d65bd2617bfa4ae33dc2e56c4ad1be04ebe0720764dbb156dde6ac06ce08ba98e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
80B

MD5
1af306813487099ab8e177da8809c7c4

SHA1
216c76990b3d4a74a16296d6a765f389858a461a

SHA256
4c8f5a7665a81e259992186150daa035ab7efb2cb42c797abd7b5451a85e7e92

SHA512
89f61b64fa88ed3129bf87b09c066e8fbc9fc8642151e316f217ca1d61e9edeb8b30a3be47f6b633c63a53c6b6023df7e2afb2fd0065f2e2bd224d43ef99afd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
151B

MD5
5b6a2758db29947b5d36c69ddd0a6de4

SHA1
2f3a81fa64a74672c305e20987c1900d1ecd65fb

SHA256
ae81f6d6a24ba0d79cb3181630e84eecc9f28ea539d061d866931132dbbb4a65

SHA512
09a8d5ddf0bb236fa0a0294c27f8519d03c6451298c8f008ee959566033fd0db9eb6cf2b226166001da60fbda4cb0e2225db189c0a18e15c3eb455cf621f4178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\dcfd241b-634f-4671-8486-529f825d4e33.tmp

Filesize
5KB

MD5
fa971a35ad3cc61b43f15c06c7dbf111

SHA1
9e08157ac58b04d622ff59858634b54b67f42beb

SHA256
8f787b0ff7e59300564ab9d6e6bcd241a676df73d1110b0a968feeb6c54794ad

SHA512
bfc05ea3dd3fab1c00b4db3da7343b2b2859eb7e6c44791a6922cdc8482ffbc31eaeb4b4ef05476ad250c3006281a69aebc47def4ce18fc0a21306ec4b66e4b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
2ec00e8361c97b11c2a0f1dd2fbdf20a

SHA1
fea801a850af99474bafb5a353c778fe59b95785

SHA256
fcbc3553869a86c6911e31d9caa27b8a73f16d0872586386e9c64860545d6e30

SHA512
1efe7203c9756260cf0829018e17d24674bb37d35623032f43a070d303740f2a417f2089a6db6a840d4d1e06be54d759cc01041e83a4af8190c86177d8411a0b

Download Submit
memory/1092-266-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

Filesize
4KB

Download
memory/2252-242-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download