7536f16516ad97c9f2a08b9cf499013c6b6ea27c7acec8f7ca93c2ec88ef7828

Analysis

max time kernel
1799s
max time network
1693s
platform
windows11-21h2_x64
resource
win11-20240508-fr
resource tags

arch:x64arch:x86image:win11-20240508-frlocale:fr-fros:windows11-21h2-x64systemwindows
submitted
28-05-2024 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

8.8MB
MD5

2675b30d524b6c79b6cee41af86fc619
SHA1

407716c1bb83c211bcb51efbbcb6bf2ef1664e5b
SHA256

6a717038f81271f62318212f00b1a2173b9cb0cc435f984710ac8355eb409081
SHA512

3214341da8bf3347a6874535bb0ff8d059ee604e779491780f2b29172f9963e23acbe3c534d888f7a3b99274f46d0628962e1e72a5d3fc6f18ca2b62343df485
SSDEEP

24576:cpD6826x5kSWSsRinoHnmfm646a6N6z68SH4SApTJ:cHSek

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614097598187147"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1952	chrome.exe
1952	chrome.exe
2328	chrome.exe
2328	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1952	chrome.exe
1952	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe
Token: SeShutdownPrivilege	1952	chrome.exe
Token: SeCreatePagefilePrivilege	1952	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe
1952	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 4820	1952	chrome.exe	76
PID 1952 wrote to memory of 4820	1952	chrome.exe	76
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 4960	1952	chrome.exe	77
PID 1952 wrote to memory of 1800	1952	chrome.exe	78
PID 1952 wrote to memory of 1800	1952	chrome.exe	78
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79
PID 1952 wrote to memory of 1640	1952	chrome.exe	79

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffea863ab58,0x7ffea863ab68,0x7ffea863ab78
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1940,i,18065227166502687672,5914301270595215266,131072 /prefetch:2
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1940,i,18065227166502687672,5914301270595215266,131072 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1512 --field-trial-handle=1940,i,18065227166502687672,5914301270595215266,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1940,i,18065227166502687672,5914301270595215266,131072 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1940,i,18065227166502687672,5914301270595215266,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1940,i,18065227166502687672,5914301270595215266,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1940,i,18065227166502687672,5914301270595215266,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1080 --field-trial-handle=1940,i,18065227166502687672,5914301270595215266,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2328

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
98c9f809b9f23bdd7996dd890ac5ca27

SHA1
28d358ab1d2325583687f537ae6a610ee5a40bdb

SHA256
0381ad9c1dc53030dab19e0659937b1478b598dd09c6ac7462988716ea9d991b

SHA512
3a66ab2ed01129ea5e72ea894c9ba769120b30fdfa1385f1b454cb91d09740d1425ef846bbf69d012311996f85de60f259ca4d729da769075d443a1b3dc6737f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fac38e1095a62969016d55e2ffa25cb2

SHA1
4e53c6c0e578c844728ee5a56daded2cff26ae12

SHA256
9aa80488e19aa98e1f23f11e687d4108f296cf6b265d8334f7259dc1be1045b2

SHA512
b91d24f6df7873e6889f1ae3499baa37c4f7114926b6e2b1db05f53cb44f6f8f3557ef90014e89ea20b4a2fdc9e8f61bd3d394a5bd470b7bcf566bc9fd768114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
140aac407784e1e5b3e860ed1706abf6

SHA1
1c54de916b6a84725042b798270cfc82730e35b5

SHA256
b960fb61589574f7507fe25ffd3591a0f68212ed2f97c036a102e16fac9fd4a6

SHA512
56ba19e91262448b092535c46c3de0fdcf7780acd108d6ce521efd34a833862cebc1c47034db72ac12f09c65f7fc4c5e2d86eb526dc82ce15f5b21d826f5d8fc

Download Submit