ee13fd2e33496817feecea4c8224ba3fe341422bad9968fce9bc695a5ed2d35e

Analysis

max time kernel
1800s
max time network
1685s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24/05/2024, 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

unnamed.webp
Size

79KB
MD5

430e71830f0c4a1e83871ba9312f11e2
SHA1

91d56d0591e98c81a6d37ca205f0200c6bdca3e8
SHA256

ee13fd2e33496817feecea4c8224ba3fe341422bad9968fce9bc695a5ed2d35e
SHA512

c06d19207972e6373dbbc5e9770d9195a099f2f2467075ba0bb52ffba5a7b9206c58e2062ff789b6d47af73876e1d0af0b3bbcf598c49c5b2467b09b8ebc8d79
SSDEEP

1536:ibX1wN8wgJOKjGVDxpaUl5yiDxBryjnxj7DWQYEW:izU9gJcJaSkgBGlDWQYEW

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610442678147395"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2740	chrome.exe
2740	chrome.exe
824	chrome.exe
824	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2740	chrome.exe
2740	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 516 wrote to memory of 2740	516	cmd.exe	74
PID 516 wrote to memory of 2740	516	cmd.exe	74
PID 2740 wrote to memory of 4992	2740	chrome.exe	76
PID 2740 wrote to memory of 4992	2740	chrome.exe	76
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 1400	2740	chrome.exe	78
PID 2740 wrote to memory of 2860	2740	chrome.exe	79
PID 2740 wrote to memory of 2860	2740	chrome.exe	79
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80
PID 2740 wrote to memory of 1424	2740	chrome.exe	80

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\unnamed.webp
1⤵
- Suspicious use of WriteProcessMemory
PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\unnamed.webp
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffffc219758,0x7ffffc219768,0x7ffffc219778
    3⤵
    PID:4992
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1772,i,15672539275212650871,13850588011608826827,131072 /prefetch:2
    3⤵
    PID:1400
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1772,i,15672539275212650871,13850588011608826827,131072 /prefetch:8
    3⤵
    PID:2860
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1772,i,15672539275212650871,13850588011608826827,131072 /prefetch:8
    3⤵
    PID:1424
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1772,i,15672539275212650871,13850588011608826827,131072 /prefetch:1
    3⤵
    PID:4580
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1772,i,15672539275212650871,13850588011608826827,131072 /prefetch:1
    3⤵
    PID:4880
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1772,i,15672539275212650871,13850588011608826827,131072 /prefetch:8
    3⤵
    PID:4424
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1772,i,15672539275212650871,13850588011608826827,131072 /prefetch:8
    3⤵
    PID:4756
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1772,i,15672539275212650871,13850588011608826827,131072 /prefetch:8
    3⤵
    PID:1756
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3348 --field-trial-handle=1772,i,15672539275212650871,13850588011608826827,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:824

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
602B

MD5
584289d3a4fa257d20aa506e07974886

SHA1
57e2247d3b66aa948d31bed5107e0c017d0ecf4b

SHA256
2244fc339e7e36c95b7f6d177a3591ad08437765907c00b76d7339b8f89c7d1b

SHA512
076d981a81b95d597e5117c4bdb1be850d750264c032126247b7112cf560020941ac5be51576e669cef7d9e67509783b8aa9e2db208c759ddd3dadbfa6ceae2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
54583987cabffd7aeeb23c7432b3a778

SHA1
e614bc00f9476d4ca28a77d3fa37d0a0aad80da6

SHA256
4129cecc5c7919f1ad543ade3d3ac18551c30b881b707979b75628dcd99e74b9

SHA512
f4e9fabfbf00b71774d22ad8ea5e54b1cce05b3e08d536e1d8f50d738731e80e60fa708f3441fdc5ca77df0a1ab9f9662accf3e2aace0b529150d143ebc135b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8a5d880ff51a9d315ee444b3b2053461

SHA1
5d95f107ad6c30328199d329dea207c33bc0d94c

SHA256
b0554762c7350d242ab17d0b6882d899b63c14cc9810ca1b31c97c668e8a79b9

SHA512
c1d7307103e82f671c311eadcd33bc301b1b508e38de3f2b2fe7dcf25b833b857b8770e20125af494639035f65a30c402517d73698be464e7373720dc07461c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f26c05ceb09411a5d0253f9f74f088f6

SHA1
c6fea62ef58d520d2979991206c08be966247c10

SHA256
d174c5cfa18d1bbff22564920047b0729331c0beedce7ceca924e2198dd85775

SHA512
5ca1d60201a4f07d058586810220c00f236ee7ac49363dea40b9cb96f78a46ebbd774a0a5a71e84ac34525580d8409b9b7b09cdba806330871fa76f0fb9908e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
e5cc6f5807ae93c2bba0b2d0f089b824

SHA1
8f519596d51df30eae544adbf2ef12f568228233

SHA256
3a0810401f57eda8001708be6dd081f741ab8ffebc0161687fe56e192b0eccb7

SHA512
8a8c6b0793353dec3ef31602adb817678bcfe894c21534d52cd3104fcc5ae685d4bb5664ea4021a369aeabe2cfbc6dbaf92077dcdbe63f4ee3d28cb7ff06cc37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
f80692973c8f3a828007b27d66cfc11c

SHA1
5129fbd7c63e877ee3871b3e4393242d9c4850a6

SHA256
1b4556803ce0b79d082744e0f7c675222c7d46fcbc7556299897b688f85f639a

SHA512
de31e39a5874d8a2e5f3a3f15cf436ef121de8621375034c5fabdef587974fe2dd897f7951bc6c19ea47e10b21a60222f2a5747fad1b0e579c5e4fe46776a441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit