8bcd6a9ee8e4c396522298adcd54c1aa97bf8610e2b0651481b87f2a2f153497

Resubmissions

29/05/2024, 21:01

240529-ztxblahf8x 1

29/05/2024, 21:00

240529-ztndpahf71 1

29/05/2024, 20:56

240529-zrenrsad39 4

Analysis

max time kernel
1799s
max time network
1685s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
29/05/2024, 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

20KB
MD5

e73bbce52f84572587eefa8ca20fdacf
SHA1

6447ff8dd98bee04583635c91e6ae8e5a9b2f113
SHA256

8bcd6a9ee8e4c396522298adcd54c1aa97bf8610e2b0651481b87f2a2f153497
SHA512

f1ea5dc6c3bb066c0428c223b40016ec46e9a59871722d70000932e9b17897748d6d182ef41b06cd3a93873d1dcd344dd939e3fedd432eeb0963dd901d39fe6c
SSDEEP

384:rsrWp2rEDpmReVoOs4mi9ylKeGMQUKlHhhb4Qm7Bo2paWhOwob05A+N28JCdJn1:r/pGEBVoOs4mmyI1MOBhbJ4AWhOwob0E

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614919968997708"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2756	chrome.exe
2756	chrome.exe
4724	chrome.exe
4724	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2756	chrome.exe
2756	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 4956	2756	chrome.exe	77
PID 2756 wrote to memory of 4956	2756	chrome.exe	77
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 1432	2756	chrome.exe	78
PID 2756 wrote to memory of 3924	2756	chrome.exe	79
PID 2756 wrote to memory of 3924	2756	chrome.exe	79
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80
PID 2756 wrote to memory of 4384	2756	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb3369ab58,0x7ffb3369ab68,0x7ffb3369ab78
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1856,i,12559957526429165919,516126522307713641,131072 /prefetch:2
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1856,i,12559957526429165919,516126522307713641,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1856,i,12559957526429165919,516126522307713641,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1856,i,12559957526429165919,516126522307713641,131072 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1856,i,12559957526429165919,516126522307713641,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 --field-trial-handle=1856,i,12559957526429165919,516126522307713641,131072 /prefetch:8
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1856,i,12559957526429165919,516126522307713641,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=740 --field-trial-handle=1856,i,12559957526429165919,516126522307713641,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
852B

MD5
a9eac4a1111a7203d3bac183f2ed0c02

SHA1
f92705dd713a8253b6a3b0cf489726ec0870ba70

SHA256
58453a43613f677a4f42dcc4d360b5a621054891979ef21a8c46b173d118b7a0

SHA512
e5f76edc15d313dfc718d092f0f954f8cece9cb37f78e4ea6675514dfff11c77d061e8d9486cff352ff83fc926e7db6a67ec774ab28d51b6a299c7e46294631c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cc438b59a14381909c72376586289186

SHA1
1fe4fea588c4e02ffe2e65bd2f4cd0ea2ac76058

SHA256
b3eb7d67d484c580de2d79cc5ecde42f6b208039e8fe75b898d4ab5fb949f898

SHA512
d24837c52f9d870f7f5ed2bdbb4db830154a22b37abd9c1abb6043330c874cf34374d8cbac7d9b0189f9b843e87d668f0d1d9fa846394b85854ca4593cb88dcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
b8d3e88e430bc51f5d413a5bbea9c974

SHA1
5ee124bcea6d40237c896417c8ce462ee952b28e

SHA256
eaba3c0478e72e4cb815da2142a2e922afff15b0f9111815e264d6b0d04fd298

SHA512
5723616e2520307e9b9570f06a0a1ca5e353c75fa724437502dca4b56fd72655dc6b8579f1fc6234611e0bbfd0dca5bcff7f66ed000c60bee4e3f27462c909fc

Download Submit