Analysis

  • max time kernel
    210s
  • max time network
    209s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/06/2024, 20:10

General

  • Target

    http://gameplay.intel.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://gameplay.intel.com
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1e7eab58,0x7ffa1e7eab68,0x7ffa1e7eab78
      2⤵
      PID:3840
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1904,i,4615105528414950352,10479072438185726827,131072 /prefetch:2
      2⤵
      PID:436
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1904,i,4615105528414950352,10479072438185726827,131072 /prefetch:8
      2⤵
      PID:748
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1904,i,4615105528414950352,10479072438185726827,131072 /prefetch:8
      2⤵
      PID:3964
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1904,i,4615105528414950352,10479072438185726827,131072 /prefetch:1
      2⤵
      PID:4104
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1904,i,4615105528414950352,10479072438185726827,131072 /prefetch:1
      2⤵
      PID:5068
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4232 --field-trial-handle=1904,i,4615105528414950352,10479072438185726827,131072 /prefetch:1
      2⤵
      PID:1980
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3244 --field-trial-handle=1904,i,4615105528414950352,10479072438185726827,131072 /prefetch:1
      2⤵
      PID:3548
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1904,i,4615105528414950352,10479072438185726827,131072 /prefetch:8
      2⤵
      PID:3832
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1904,i,4615105528414950352,10479072438185726827,131072 /prefetch:8
      2⤵
      PID:4668
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3904 --field-trial-handle=1904,i,4615105528414950352,10479072438185726827,131072 /prefetch:1
      2⤵
      PID:3716
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3200 --field-trial-handle=1904,i,4615105528414950352,10479072438185726827,131072 /prefetch:1
      2⤵
      PID:3384
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1904,i,4615105528414950352,10479072438185726827,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4108
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4420 --field-trial-handle=1904,i,4615105528414950352,10479072438185726827,131072 /prefetch:1
      2⤵
      PID:4516
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:3164

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
    Filesize: 206KB
    MD5: f998b8f6765b4c57936ada0bb2eb4a5a
    SHA1: 13fb29dc0968838653b8414a125c124023c001df
    SHA256: 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef
    SHA512: d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: f67f65c503e98ef91982098fcb65e8e7
    SHA1: 4069685ae8f7f50aee74b5edb62e52614360e0ea
    SHA256: 356fabe886f347f978b0c046dd11811570f77853bdcafcb130cfcb1bd499477f
    SHA512: c0ba8f7d703aa152a532fa7d6e7d3082a0de7583e4d6231c8d89ffd605e4cf2d0684b26b4f4918f49c03066ff25cab900b005ea4aa4dc622eda58856f204ae7d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 934B
    MD5: 17c89edaa6e48295ac26379d4a6eeef8
    SHA1: ddab0d4f88f96c127383d282f65e0a7c3566a8d4
    SHA256: ec9090f7e56a5a6c1f9c75a70b5dcf8d62ad37650d8e189157a6fd2ce75075e8
    SHA512: 6fe811c0fd81ba2db839daea1c68a69fd6016ad2910912d01902c1a1a127ea8bcc6acbf5f2c6c850c6e9a625fe8f38485d2a8b5a67a3f92ec6d5791b5a8846de

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 518B
    MD5: 02b3da798b774b77efd3c02ef6279878
    SHA1: 7549ff64c6de37462894c8ed2f120a56fd1e96be
    SHA256: 558662e30d628b7ec3c26483f6942542cb54f654deaf9b3a50492645c2a3079a
    SHA512: 4e3e4fd47cb963b662fdac1a131f198f304cfe4a85bc58bfdedb5993203d117d217acc2804bb06e52b43bfc72c0e44bf4f296f3c98a9b7a769eaa1e447cd59b0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 518B
    MD5: 4ece1dd08fa8cc512359f81305ed94d9
    SHA1: 541bfee89e5f3f11805f4a740e66736bfdc0b71c
    SHA256: 80d6915f2b51c4e8db70679189e726001ecba4aa9cf9472d5482c3f0d6584969
    SHA512: 72d666860af30776c5768df1fcc52d3007a1bd77c345b7600195b37b3dce8ecf2da6eef18d475c6d0c611498c53574cc0435ccd959af35b728c10015b75e6c28

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 35a5af5a48677d9028d74f15242e8e24
    SHA1: e422bc448df95ab02625fe01130d1941ea49701d
    SHA256: 7ef9b286b5b39470010d1f23c1175f0588c88755e0e3aa0bb73cdc6650115801
    SHA512: b352d5310dcccb1b35146d88c84769c692064dca0d177ff5042742266a590ffe1254bdb3db3d901b7a5fb83af2b318105bc4e6164ee08515b09f48c3db995f00

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 56f73b0e1ad699200b19d990687474e2
    SHA1: ae40548698d634701570301b84a91a505f4c6c90
    SHA256: 88fb53fed47c7507aa9059e5c92cefb302a646b8495b734c965bb3f0fec8c777
    SHA512: 1c2ab80937a82db3ac4cc53a9745f161e259c77f7049979be0502a3b2e6dcc021457cf053d57c934f35ccc11bb257d0753a6a45fdc7fc6bf63ca0d0763b511b7

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 8f18c9ca2976777bd8a4ae8e2a6e70a2
    SHA1: 8d05d925cdcc76f85edeaa065818de70532cdafd
    SHA256: 7a690342ccdb0e15b5e11f772e4085dd57d0176a93b8109e70a721ada6df15af
    SHA512: b40ffff4c453f755563089bfbdd673793ceaf7638b264ae00bc723d42e943e8aab0c8b93dde36c59e119be76ab1e4731b572b80e0fc8b715766fa6657f14835f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 130KB
    MD5: 107cfa63a6d21474c61cc46494d2a8d8
    SHA1: a438abe2265bbe93a88a30b59c759aa6851364c7
    SHA256: cac0302a34e90d56e8be5bdb4ce212f441e915d1832e9079f32f3477509ccab5
    SHA512: 3848a00762b76e5606de766eaf6fdfd74d2598659a7bf6d7be9ecc1568d7f645bf04dd5bc815c592fb05b6deeca1412e7ff636b0d623247138220ce84dc30472