c36585a0e0d13c9b6df52abf21294be289f18785a0756b78c8ced2d048211de6

Analysis

max time kernel
35s
max time network
36s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
28/05/2024, 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

htm.html
Size

451B
MD5

5b1744a754d4719a728ac41b5155feeb
SHA1

532acf1981cf6f0ff0cf33b18b83089db3278448
SHA256

c36585a0e0d13c9b6df52abf21294be289f18785a0756b78c8ced2d048211de6
SHA512

26ba11942c9abd7cd1170e657e62f36e9e83bacc43bea6712ef65d690af4b5f964f1999b3b8f38e32b3805d7e7706fe29a1f1c09eae3e817eb184d95e002cb75

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	href.li
10	href.li

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
41	ipapi.co
42	ipapi.co

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2156	chrome.exe
2156	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 3304	2156	chrome.exe	75
PID 2156 wrote to memory of 3304	2156	chrome.exe	75
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 596	2156	chrome.exe	77
PID 2156 wrote to memory of 3572	2156	chrome.exe	78
PID 2156 wrote to memory of 3572	2156	chrome.exe	78
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79
PID 2156 wrote to memory of 4392	2156	chrome.exe	79

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\htm.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xcc,0xdc,0x7ffcbf099758,0x7ffcbf099768,0x7ffcbf099778
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1836,i,10087094665486086535,7090306484771252622,131072 /prefetch:2
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1836,i,10087094665486086535,7090306484771252622,131072 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2060 --field-trial-handle=1836,i,10087094665486086535,7090306484771252622,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1836,i,10087094665486086535,7090306484771252622,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1836,i,10087094665486086535,7090306484771252622,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1836,i,10087094665486086535,7090306484771252622,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4836 --field-trial-handle=1836,i,10087094665486086535,7090306484771252622,131072 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4960 --field-trial-handle=1836,i,10087094665486086535,7090306484771252622,131072 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5068 --field-trial-handle=1836,i,10087094665486086535,7090306484771252622,131072 /prefetch:1
  2⤵
  PID:1036

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
b7827b2b4ae16c8f568850d75d7c6da9

SHA1
83ef50542b2235d5b3d4b26471786b8b56153563

SHA256
4c1138b28fbdea615d97c56aa3bd3aedbac7e28b1e3babcfa928b91ba3d65f3d

SHA512
322055a78dace36ca73b568abb9c9c668a8d61d72da60f017e544867559a3dec787b3df08abb5b83e0c16779c62811c91b9d83fa4d20fd37c6ff7969a43d4646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
e816e3843f198cfd5a0094483a6d0eab

SHA1
f1e232fb65924cf29784af60568e6bf7d3db8294

SHA256
d57c2217d49fcbbf6cb664acff8beb960334a876af95b45abe33cd39ea7ecbf7

SHA512
e6fd2963fb018113328ca006948b6f1eccda8b8bc528b6db396ad009eb8e1ad4a2ac6ae0eaa0dbbc42a39fb0c0836427327dd02091b4f1156bbe892200723752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0a42f94ac24620cc35c8c45eb30092f7

SHA1
03fd1ed778cb1f58aa79b151c54e09d450ef93e9

SHA256
ac54d3449ab67a07fc5f1e9cb438586aafa01b29e75db1ead64b27faa73d70d1

SHA512
8f00a80651121a95541537c8e186a969d317bb6a3aa1dab3fba064ae348d11f29c517e7a2b5a82cda28af489ae672deacb13912447317e698e681e0b189a7267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5baa3de16e0bd51f304c4fe8f322e981

SHA1
eea4be00e50e36c13b47af838ab1c4740d96945c

SHA256
8f7de02d3bf9e877733bfa4b8cc3311f74fcd4924a484431afa6a99bb5c679ba

SHA512
b8262c3364481af5d38e9ee30cb499b587c50578d21c95b458b5f0a859e83575bdd74aef2aa67190e43416d1e1a9983b087def08e8236a4ad731e0beeadfe05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
82f96c33667717cf26351f03f31cfeec

SHA1
18fcccfdbf485918588a62fde52acd4fe211f2c9

SHA256
1a38530bd831f365dc0ed8d32a42dbf13345292545609bd28d6a084b02c6d1d6

SHA512
90553298b1aefc39b19e64adbe64de3b9f30b68f4ef4e6b2143493446fd157cf5dc0dffce5604bc6df9dadba0594f5025fcfa4c95a9b19eac3f4091d35a31ea1

Download Submit