Analysis

  • max time kernel
    1800s
  • max time network
    1685s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    03-06-2024 13:00

General

  • Target

    results.html

  • Size

    882KB

  • MD5

    f1b7c0d1a84aa90a5d0254062e95089b

  • SHA1

    dc87f17626e93219e6b94d2cd6dd39a0f25cf7ff

  • SHA256

    ee2efd159aefb0f7c0a51507eb54552c33d26991692afe55a36729f3f374ba8f

  • SHA512

    84099c951adcb6103ef4c1a59126209cd050ed9e7044da0edc055a75508ee7abe20064487bd0963efd2f3b7f6536b273203bbb3184d327d38292c99ab3f76926

  • SSDEEP

    6144:Ofa5W25Wo5Wz5WO5W95WD5W15Wa5WY5WjsmytZsNI1FWVhSwj//M+VpAjF:OC5L5r5s5/525s5o5T5p5sFKw7/qF

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\results.html
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1912

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaf6bbab58,0x7ffaf6bbab68,0x7ffaf6bbab78
      2⤵
      PID:1340

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=276 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:2
      2⤵
      PID:3628

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:8
      2⤵
      PID:3568

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2136 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:8
      2⤵
      PID:2296

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:1
      2⤵
      PID:2372

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:1
      2⤵
      PID:3392

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:1
      2⤵
      PID:5100

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:8
      2⤵
      PID:824

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:8
      2⤵
      PID:3480

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1460 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2180

  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:2220

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: 7bbcfb37a367391e30d6fc7fd86c1d28
    SHA1: 5b974eafcf1980f83aae52930e3f6eec00498047
    SHA256: ce5d03d4c17fdbd5bf0f0790021011476a1e3222cb28f2c02b6961974fc5df1f
    SHA512: 071d99a015964b11371d0711f8a8325d07db39f8c21bf0646ab6bb800444762a58217270030f99651c4818e2c98313b4e1e7da25a3fcb6533244cacb87ebd554

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: 18ef53aede82d5a0c3e51fbfbb3956c5
    SHA1: 6d8d9c18b32211bb2800e93baf52ead37887be3c
    SHA256: 63994ea29c381bf682a61d12d0af7ef938f7f95789f63119d8295d03421e9169
    SHA512: dad8e792bfecfb025595928de6fb5b511e13f31b258c515cf26cff8537f6e1b57211f6f5c25ef1548324abc419be3782e2810072cb4d0052ab3f8ddd6ad6e1f5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: 5e084038822688e6812351994a59baec
    SHA1: 9a3d2a8dcb5c3e8d84ab2ad5d68dd29b821cf983
    SHA256: ea4091cfca1095dbe4fe2811c1c8c95320abca1d27d968a127db5c2482c71811
    SHA512: 83c4b53297b8b403c481b5f209f31ac8ef0cf6fb9137fa9f01f4a7773165e23a69c3eae6cc3c72db93d6587df76159e2ec4690251c2a8856b3e0e8bf84ad551a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 691B
    MD5: abc4f282f4a4d3febc61fdec8aca5605
    SHA1: a109d426a32862f8fa7c0eefa81099eb35aa8763
    SHA256: 15cb926c2192352f40e5431e493dde86adab4374fb69a71d7c076f72fded3fcd
    SHA512: f04dc1ace8a62a1ef3bec0cd2dd516f0cee3ac35d8618de178b95562be64cf1c6f30ed9659bf4ef0da69add4e40c9e309f312dd60ee541dbf022fe2fccec3278

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 32ee6b9c2e1d5adf4c086594aa4a6fd8
    SHA1: 62a307e2bf957297ea5836543059b84be8ae9a44
    SHA256: 49d973d008108d01bde5809f0e1147ae3e5e938644041661d36b0f352365e525
    SHA512: 6f6041dfe1158139468785fdcbbdd8e8c5a27148f9c2ce9c9cfd36b3d84397dda1f042d6cf9752fc636fcadf8227caf4e98fd7564738cafaa6ac8c2c277d7155

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\3f396305-2ad4-4175-848c-2cc6b5c0c699\index-dir\the-real-index
    Filesize: 1KB
    MD5: 3e16ceceb918863743d461222f681d33
    SHA1: 18a194a3df48ed932fa9002baf68da88e987e933
    SHA256: 1196abd90ae30f183eba0dc2a33f3d2a17af6032ba76e13dfcc0ccf11a0447c5
    SHA512: cff6d52b2f12ff35e85f46bcb858939e95d4cfe56b50621b78193c0f10ca25504dba8908ded1a2ff7311e7ea161b2bea727a68a2aa8d1e2a9c044eb1b9d91f15

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\3f396305-2ad4-4175-848c-2cc6b5c0c699\index-dir\the-real-index~RFe5834a7.TMP
    Filesize: 48B
    MD5: e7ccff6387d1caa5a0b6048913b4e992
    SHA1: 79091c603ea771df299e01c538c4450bcb21c36e
    SHA256: 10944a2a78590313ca5b36abf2833e35e3627b18aa174c1a50a4095e5ee24fea
    SHA512: 3466a7282678e9f5c99e0fd364a2c4adc4edd502ca88e32b35fbdfffd9dd59dea2b6480d57999c9955d557eeb23c8973c065280f06271016b3a807a09a0c8ea1

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt
    Filesize: 144B
    MD5: 6f25f3139f2b91619b2c6019feee799b
    SHA1: 5b42f6f08fbe8ce5fd40c739b84ecc7e2de27237
    SHA256: 8ae087ec45cffcc3cac00be42823fe1d15a6b02eb9aeaea2e1381a459e697c5f
    SHA512: 08ed853620d4d6508ffc6291927e936ca57b0672138bc8fe9858f32e5917335a0e24c46adac9fcaadbf06505036f4c36d2da8fb022e5a1eaa76ef98cad11662a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt
    Filesize: 80B
    MD5: f729f44b71a35c9a139c5c237df3acd3
    SHA1: 1c35cabefa827ae9ce4fb0b6105f2a9d99550611
    SHA256: 4e059b8ada0f801660f8fa6dd89ea746647aabfc578acc58f7dee48b6a00d7cd
    SHA512: 158a44f9ac2cce7117a844603aa12f3e65b9f4f04aaefa4d8a432bc0986e2aefc10f79b865eee9874040058988ec8f6bca269dade008af4b837c145ba7096f23

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt
    Filesize: 82B
    MD5: e42bb05d1ed0acb408cc44f61618e48b
    SHA1: 60a1cd279b38d2bd44ec164784bfdeb53d880e3d
    SHA256: 0934ae5490d79d7af4344e2449cbcdfc466075500bfba24743d35e083f2b6db2
    SHA512: 76a57d558a681a56683aa4760c6ba604b9b532c4255db7baffb541fe45bbb1880ebd51ee2c9b3d866eb1cda1933c13d1d836c175cc98df1361c380dc270c5279

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt~RFe57df54.TMP
    Filesize: 87B
    MD5: 1bb7694ceda06eadab89720e14a1d845
    SHA1: bf4811f80637f66dff2f04a9025a0d66a1185c18
    SHA256: a1edda0cdaf29f34c28ba64fcfd34c406dd67dfd875c2e9c6656dbbd017c8ac3
    SHA512: 43b19b7917ebfad19415faa6432cb5338c81be67eca6c60d8dede15720712cac46f7c61fe82587d32f50b14ea349d0df99669c18aebc0c79875a752ba4939004

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 129KB
    MD5: da4ea938d9db8f0ad73e0a082f0144e4
    SHA1: 8f0ba895caf3a19bc340d616930a4210e2f44d14
    SHA256: 913d7f72930ae186c816027b1fb9985b6a0df102b8200b9db38414089f8d32b6
    SHA512: 7b2b06027763d5a8480bdb338f8453b7d82b1cc1a0d71df8e4c7153e32f5d062369dbbd1c0a6e3ff4f960d9fce865cd351c774649a7e7573074754af7c7d9e63