Analysis Overview
SHA256
ee2efd159aefb0f7c0a51507eb54552c33d26991692afe55a36729f3f374ba8f
Threat Level: No (potentially) malicious behavior was detected
The file "results" was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:00
Reported
2024-06-03 13:31
Platform
win11-20240508-en
Max time kernel
1800s
Max time network
1685s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618933359596172" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\results.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaf6bbab58,0x7ffaf6bbab68,0x7ffaf6bbab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=276 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2136 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1460 --field-trial-handle=1760,i,12266241502232090789,6308204760770831906,131072 /prefetch:2
Network
Files
\??\pipe\crashpad_1912_AIJZFDJDKBPKXZCH
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt~RFe57df54.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\3f396305-2ad4-4175-848c-2cc6b5c0c699\index-dir\the-real-index~RFe5834a7.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\3f396305-2ad4-4175-848c-2cc6b5c0c699\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State