5f03867193f2685b72dcadf88d1865d5890c60ee80b6b436c1ae2e7c297ed62e

Analysis

max time kernel
1801s
max time network
1802s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 18:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9fa206e54997dbf0517d610463f1a440.svg
Size

637B
MD5

9fa206e54997dbf0517d610463f1a440
SHA1

591bb76dc0068ede760a0249b496be6b9e5d54ea
SHA256

97d10f0da4fe8425a340a15d54d29a7d99acdef4f024e57dbaa5465d097dd9a1
SHA512

f0dadd7465344538eeec142ca47686d37f051b3f57d69cacdac5be876493dd88ae5ad70bfaff6d3a37418cafda080421f8b9a8efa1e651968780980da30fba51

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614818432437651"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1140	chrome.exe
1140	chrome.exe
4680	chrome.exe
4680	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1140	chrome.exe
1140	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 3532	1140	chrome.exe	91
PID 1140 wrote to memory of 3532	1140	chrome.exe	91
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 488	1140	chrome.exe	93
PID 1140 wrote to memory of 3988	1140	chrome.exe	94
PID 1140 wrote to memory of 3988	1140	chrome.exe	94
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95
PID 1140 wrote to memory of 1848	1140	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\9fa206e54997dbf0517d610463f1a440.svg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa5d29758,0x7fffa5d29768,0x7fffa5d29778
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1864,i,15257409174015916839,5511312956941991824,131072 /prefetch:2
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1864,i,15257409174015916839,5511312956941991824,131072 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1864,i,15257409174015916839,5511312956941991824,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1864,i,15257409174015916839,5511312956941991824,131072 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1864,i,15257409174015916839,5511312956941991824,131072 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1864,i,15257409174015916839,5511312956941991824,131072 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1864,i,15257409174015916839,5511312956941991824,131072 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3736 --field-trial-handle=1864,i,15257409174015916839,5511312956941991824,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4068 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1400 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1250e47534bf24dad6ec0bdaeea9d58f

SHA1
28c9b4ea75f8d735cba77e085ebfd03a6d4dd521

SHA256
7ba32e7cf93baa9669f0362897d202e9b6210dcbc3e943006caefccf2d4828f2

SHA512
ff6dbb7f66f7df494fbf79afc22759bbf3430a5e80d20dffb7d3387d5887ca27ec0ff3f74f83c4c716057ceca9f638047c1faecd5f0a734766f6bbc8e84940d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ad165c54625c096d3e0d285d3dc60514

SHA1
59a92defca0bca481316b88df79d17f5991a1fe2

SHA256
fee94e5ea2c52f4cedd231c99d8ca46fe11d3bf8d1f7634ad59e9f30078c4ddb

SHA512
6e936f636fd784ce81753c0551c0c02cb51c10121cea8794de98d9006ee2fa996fdacc6582c689d06e21658b1e937e1d3b180fa9f6fb670bb822585124947d81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ad2b566b68575c038fdc24006c6054cc

SHA1
cb21f0031acc734d3a52b5f07152a8e4c4763375

SHA256
656bedc8b4b51dcc77d8a09f32d4988ba25e3984b9c0bb1f84fede744a5fcf61

SHA512
640d6888077f2ed6e6363022b1cee2b6a8253ab13af219d72a221c2e10da1d7573200c4fbb1315a702772afa63c86e4f3663a7db23cd3bc79939d3a65d978edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3a184f561e9c07883be87cfcec073b45

SHA1
595c7907408a79fc16e8e8d16378602b8d09f177

SHA256
be90b92dd4f103047e5f7ff3fc36e41c6932c25c5c1d9e9fa8db4509d337252f

SHA512
be7fb3754acb0b02dff9f589fdd4fb76768dfb2de5f2deed8410b10c356ad78718d4b701355db85fb8f86f10ce9d1fe63a9b019a900dec1c61251842a190d83d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
e48e9f6e6c259385fc729768ac02ce06

SHA1
ee3c6819b05dd1bbc4613b9d60ea39a04dbee344

SHA256
4d20fbbfc15e5c28c114fee01071db0149dcb1f46e72367e98d38e7c621428ba

SHA512
2127e0601f9406f96e448123aa5cadcee989f425a30efa8b04dfadac02b8d2b997208e6dc79bc08215c9a2765b2e4c3c1a76f961086b14cda883d477e0cd600e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit