Analysis Overview
SHA256
191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2
Threat Level: Shows suspicious behavior
The file 191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
AutoIT Executable
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies registry class
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:56
Signatures
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:56
Reported
2024-06-03 12:59
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
141s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618929945213568" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{17B1F750-F0C3-42D8-9B8B-ADF7C3878D1A} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
"C:\Users\Admin\AppData\Local\Temp\191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa056dab58,0x7ffa056dab68,0x7ffa056dab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3924 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4468 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4160 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 142.250.187.238:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 195.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 48a35165b939ca1c51a6955d7be2b740 |
| SHA1 | 8f380b920760a62e5f895621532522b1e39354b1 |
| SHA256 | 85a283cf2b5b019eb197bc69bf373be115a5314bf69c6cd2bde7539a21fe0a4e |
| SHA512 | 9551cf714f579eed36804a71b03f43a6f479239f64514cf93e621f27d23b23c906a48a395017d4d3bce59d116004985c8eb82a99e723377ad2457e6660c7e096 |
\??\pipe\crashpad_216_SWZLLKGBSVTGECNJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a1cf59ab0fc0bd30bd89ad0e2a1b2f39 |
| SHA1 | dd1e92899b6573c05b73cfa18198b4df5ddd5b1d |
| SHA256 | 59d5b76e3736ca60db074bac692fea81aa0120fe29b36b9b5c06231035ed316b |
| SHA512 | 1adf6e774dc7709ed869e739a52c19a8823cd471e3300d5a01715af72f7cc192d38024108e4c666c5ce017d056dd3b07ced33dd5259fd742d053e5a4e78c76a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e5c2a0058f32373111cdbdd059b0cd00 |
| SHA1 | 7240d836e6f060a4dd65a55e1c4c9eaefe364e96 |
| SHA256 | d1c7b8767d1991fa58d205e47d0d52c6781e3adcd600f87b235ee36292d25e65 |
| SHA512 | 893df980585b84d30d1d102d54f121020e1baa7109cdd27cb24943ab4fbbced0bb86b60cc1df811da5ec94bc792189b8688ddbe14a6e35aedc0dc43ec282f286 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 45c1a3bed68883ff43a654f91f47d397 |
| SHA1 | 6a45b597c52b4644fcfca33248e7e07fd9fda4c5 |
| SHA256 | 170a83625955e4449c6228d0b1551fffbce433384443131ed8a643098d45a047 |
| SHA512 | 0f5979eb0e0b5547611514e4d64f401a5cb7fd1e80c62a9bea8f4d1cf35751721c5e1c3c7ba6ec8d50208f7081bd4d85cc3879a90d60c2e296caa067583577ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 8d00e7d4dc7d397510f5cdede6ea4b0c |
| SHA1 | 0a22f269f61b3b25d1dc2a46ee67967ef4b33b3a |
| SHA256 | 4999a81ccc8c0342e2f8b685712f9440c69c45f7826068051474265d9da324bf |
| SHA512 | 68c46e5c06f993f6784c937e91ab947c47e894ca33479884ee2ca445bd5941861c62642fe9042eef9ccce26946c3f9a034dc3a7b8ba347217b1de2cf43aadad0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d3862608044379f8b60a18f37910d137 |
| SHA1 | 195a44924b3369d62e3c503ae25412c7a3144cd6 |
| SHA256 | e5fb29112b54e43adab7b109bfdef29cf22e2fddd7bcd1183a7e1becd77ee64e |
| SHA512 | 342d8380e6355742b34d60dd9eb5b422a189ca9af1ed4d063ac61f561ef83281cad5959d8a2dad748fdbf47a9b8e37a7a098150a1697243b27077121ed695d4f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 77bd51d85a16df5a2435d874b4cbe0ca |
| SHA1 | 331e11939d7af2a6ebfd04498f98abaebe0ae918 |
| SHA256 | d5d6e1c879bc4a69540f85aa508c58b15b849f7782c3bd8a745fa573aff650e7 |
| SHA512 | 39e00fdf0d0291e6a0c21c66d694b3439607af6af121d8834e61a2b0ff769a76947084d559e9564b8c976e3c95b10c1c7652f4be67eb81bf10b426b28e043b59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f750.TMP
| MD5 | de26d2568262654af3799ef283d8002b |
| SHA1 | d2a37eeaace3b3f85bd182cbbec499288074ce39 |
| SHA256 | 4159ae7fdf80e405d2331b35449a5d32b407fd821941a391b280dbd1480bb85e |
| SHA512 | 13bda046250a321cecf3b87dc0c4fa5c24c362eb4ff12076214066f3407c9b1f810e7c63c3101eb1f9ecd733765bbb91ff1f48a9e2e6a7ec6a65b8f2e4d24d5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b4be63fe25e993d7e1966fe7194d5f06 |
| SHA1 | 9ee82a7c801c9734fab91df49f13df0050f9917d |
| SHA256 | e1f4dcf838b052bfaf0af6d0961502bd46cd3e29e2411446156cd1fe0a5c345a |
| SHA512 | 946580071a380c4936b5949f570ed7a1f741b74f98a5b260f3fcee459adabc62a956760a8ff87d8af729a743cd700d40300989aa155fbeeafaba3d93925097e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0256aefe410f78f35b061a13a95482d3 |
| SHA1 | 72c54b7d02a3cfe34ab0265f8fba530f8ce4b99b |
| SHA256 | f6440bd603aaa8e32a1618580bfd2215a854dfe3c8b1361878564a7a9de7aafe |
| SHA512 | f9ffce6a17f603989848706215e74f312b87ffe982329585dceee595d55a03e9ace75d01750586cefe808ff3958579b9768c9f7d28890d4195b2577d90476f29 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 44990e8f651f21025f790cc76606dc9d |
| SHA1 | 7f0233a0e21d60b72fce1885d88593cb2b4fa98b |
| SHA256 | ff473ee54e2c42885761ac946d2837b9f506388b09ecdbfe9e8cb90066cfeb2a |
| SHA512 | a82adc9e195d3c82b459e980a3ff5d80018588156bd2641c1b2730452882108add23fdd9da92485e135f75ef77653b3d2769c11a5c11264579fdab4dd17a85e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ffc4d52e259b9978e168053593211ce0 |
| SHA1 | fdeae9cfa1e043d01c599b6713c54e3d412e812d |
| SHA256 | ff58fc3b26c4d34756f0dbf8ec5f0348978dfef870615e3de823e6c1df18d173 |
| SHA512 | 478195cf45f4e6c7b445845b465c50a47bd23ec1e9d7e30c6b65b48733b142a76b38de281b79bae473df68ae8c031ee5ee8e1d72b7c707bb3e3d61a259751ea1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\526c5129-5ac8-463d-ad90-086020d58a3f.tmp
| MD5 | b21283ad7a0bd21ddbbace9f52b3a806 |
| SHA1 | 0e0a9c816bf51827f93dc460cd1b8071389c5f58 |
| SHA256 | 1b4e4a36ba41b66156839672e2f17d33015828c08ae16ebeddbd8ed20204b25d |
| SHA512 | d439a700fac34bad5c687d189b9bfbc435447bb4e5ebb2881543ef20847bbc9d3a6437ad6cbee8f4bf5b11cc5796009bc52d090c2bb9451ca8b15dafeff5300c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2983ec7fb872f25fa6394e1d6d5c938e |
| SHA1 | 6aeaba20e6f908d3b7f93aa0142fdf6b10676ddc |
| SHA256 | 005f434c0c88c9d696c67461f4185605baf44773e5836a55101cb7af9e4e9752 |
| SHA512 | 034b25c2b5e0a1ce70c8c4b4c2691314503e169f6c6ff6e9f5e0d8e3532fdaf6395933ac8dc011ffd7bae1b03eb0b018330bafd9bc034cb50b32b131b629cb92 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:56
Reported
2024-06-03 12:59
Platform
win11-20240508-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618930018769446" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{AF62BDD3-ABF2-40BE-ABDC-79B853D43BEF} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
"C:\Users\Admin\AppData\Local\Temp\191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8af84ab58,0x7ff8af84ab68,0x7ff8af84ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2116 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4128 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4332 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4536 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3252 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 142.250.187.238:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.238:443 | accounts.youtube.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
Files
\??\pipe\crashpad_4636_CYOEKADJCFNQFOZZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a2ed55223a2b844fee7fea910d352cfa |
| SHA1 | 404a461ad33ba36bb0f5d1e84de45de31b80c2e9 |
| SHA256 | c02529c105bd510b9407b5b71d6bea5880f3d027103d8c3a9660770d8b7043bb |
| SHA512 | ca05f0387c2dc26b0ce1320e04fca65efd00f7ae9487d72ab1c73a785dacd452f475fa30b866703b9bd23fb1382e58c76a98fbd436875e15bf7987a4d0df4363 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 63865e636655f21170b164f35a4db2af |
| SHA1 | eb8f3eb3db2de6dc421657336fb7120beb22f34b |
| SHA256 | ec4e0396b91a7f5c0e3e6021975f717d4680d1c12b0a71f659f8b4e6058b5aa3 |
| SHA512 | 1e72f54dd2fac3f2c21e26d2f971a5577ac2011f5647e7da74753236de8bc7c8afe7429daec8c5b6c9e861e701156d5ea57b9983ec4c1c65d37b02362cc7d82c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f5f9213267f89dbce19aba4973a55a0a |
| SHA1 | c43b6c7ffa3b40e5281e7788fca8317dcae46ede |
| SHA256 | 5cab1d434fab7cca521faa6e3251a9ba1bc28faf62573638fb6717959a16f54a |
| SHA512 | 372b388f02926abf70987e0557e2a3114aab4b0d6d1dbd732c3d7bb7cd719fd69849d625ea4f7530019c59d1e6c859282b479380b6d05a5d6e2d53c2f86bd00d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | b0622ba6632922aed73ef90a64a30612 |
| SHA1 | 3f300c2c4b5fd7f94ab81c7d6bb58523eec52d23 |
| SHA256 | ce074ab5e4a82b4ea035c6e39ed70e72a22d56a39a4fec643ddab766b716c2d4 |
| SHA512 | 567396d9ad8018ad40f444d3e13c58579f20a583aa81a0783c971c40b58f41af7e7fd8a09eaa8969a36729ede380a0ca42ea7484f5600ad5f117ab02a91556f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7e551ac3fbf84f28bc4c2c3c0630864c |
| SHA1 | 2cbf7c22778b7240716f22a0e77bc117cb62e432 |
| SHA256 | a015e0fa98ef7e76ab9713e92a4756eb9a412d97709ee8cc3a4bdfb9b435f305 |
| SHA512 | e96f8de599b110c7e4f8a3ad9100d0d7d2da08d9cd8f08eee74f3462d73e94d6167f2b376e4116383e01df2efa4a3c055d68df4f3af00f194f20cbafaa079f6f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c21f71a015c842c2b5501067d0ea5652 |
| SHA1 | 0c19c9b3894a0d57595b06811e8994222eb6ed81 |
| SHA256 | 5947d41ab53d7e1e4044ff5a420fa1dd36c415b0aa661bf1972bdef1929c20fb |
| SHA512 | d7dc7a9b79f6fd9c9ee8964897333c3879d817bbf3ddb8adc269f75b0bf27392b0edb83abef547ae585c7abcf48b149ec9bf6fa88f395e1024f8ecaa0a27beef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bf0ab82b34fe6fb11c82b93e9cd2d72e |
| SHA1 | 9237e80c9de2d499ed2a276f7ecb9d6f7d80c176 |
| SHA256 | de8ee4f1a7a23d2a43f09f3e46a72ee316cef5ee91c111037e646af30f4320a1 |
| SHA512 | 27c9859ac0196e8594f2282625205e755a00063982735061c724fd273aaa28a7d98bc7c82f5d1decafb2186c166f62b059260540013f1bc9ed7ee624cba879af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ebfe1b24ec5948001955b9deafff890a |
| SHA1 | c326ccc430e5aa10d5395993d813fe0ce54d5ef8 |
| SHA256 | 486958250b7e51fc249cc39d004eeb96620775765e2e1e58d0de94daae6ddb8d |
| SHA512 | d354d13c68f0cf7b8bbdfcae13b2d95f9b476765c98d13e2e5b3dc568ea8ad5df264fc23558ad69cbcb0b584343e63804cc4b25fb4eb843a6d2919a4a937efdf |