Analysis

  • max time kernel
    1800s
  • max time network
    1747s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    01/06/2024, 16:35

General

  • Target

    https://docs.google.com/document/d/1qEIcfu8KfmdmAQ-6NRVk3HF7cxAZgChuRTc4lsYYoBU/edit

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://docs.google.com/document/d/1qEIcfu8KfmdmAQ-6NRVk3HF7cxAZgChuRTc4lsYYoBU/edit
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3568
    Child processes:
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9b7eeab58,0x7ff9b7eeab68,0x7ff9b7eeab78
      PID:2892
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1724,i,1327828304961192595,7851507033548597386,131072 /prefetch:2
      PID:5036
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1724,i,1327828304961192595,7851507033548597386,131072 /prefetch:8
      PID:2752
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1724,i,1327828304961192595,7851507033548597386,131072 /prefetch:8
      PID:556
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1724,i,1327828304961192595,7851507033548597386,131072 /prefetch:1
      PID:1792
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1724,i,1327828304961192595,7851507033548597386,131072 /prefetch:1
      PID:3088
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4176 --field-trial-handle=1724,i,1327828304961192595,7851507033548597386,131072 /prefetch:1
      PID:2032
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4356 --field-trial-handle=1724,i,1327828304961192595,7851507033548597386,131072 /prefetch:8
      PID:416
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1724,i,1327828304961192595,7851507033548597386,131072 /prefetch:8
      • Modifies registry class
      PID:4332
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1724,i,1327828304961192595,7851507033548597386,131072 /prefetch:8
      PID:2308
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1724,i,1327828304961192595,7851507033548597386,131072 /prefetch:8
      PID:3488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1724,i,1327828304961192595,7851507033548597386,131072 /prefetch:2
      • Suspicious behavior: EnumeratesProcesses
      PID:2728
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    PID:1692

Network

MITRE ATT&CK Enterprise v15


Downloads
