b439f24b37abdeb2476cf98f101e11ba3832df57b99cb2104dd83a5527bee262

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1246537483974348871.html
Size

6KB
MD5

da4937bb93c0a6964821f45cf9f9b784
SHA1

bf32d9708e05ddc1243137e9486d1c95ff74c6de
SHA256

b439f24b37abdeb2476cf98f101e11ba3832df57b99cb2104dd83a5527bee262
SHA512

91e414b7508e26d94d2b1b5318b0dc3419262abcb2f4dd723a9a33c86a259a7f5c4ec67f0df03a62cbc396609339029adbe4d939d116a3de159e1f68d7c8e08e
SSDEEP

96:yUpHLcOfRr8LNlG6e5hNvtdLXe5GaZftfnfmZEg4/f8Z8S+ckr0yTMQr8YSCw:ycH1Rr8BClu39a4kDn40yThrVSCw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619588462657280"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1184	chrome.exe
1184	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1184	chrome.exe
1184	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe
Token: SeShutdownPrivilege	1184	chrome.exe
Token: SeCreatePagefilePrivilege	1184	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe
1184	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 1792	1184	chrome.exe	82
PID 1184 wrote to memory of 1792	1184	chrome.exe	82
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2964	1184	chrome.exe	83
PID 1184 wrote to memory of 2428	1184	chrome.exe	84
PID 1184 wrote to memory of 2428	1184	chrome.exe	84
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85
PID 1184 wrote to memory of 244	1184	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\1246537483974348871.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1cb0ab58,0x7ffe1cb0ab68,0x7ffe1cb0ab78
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1848,i,13318118920207862375,2038517196966935412,131072 /prefetch:2
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1848,i,13318118920207862375,2038517196966935412,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1848,i,13318118920207862375,2038517196966935412,131072 /prefetch:8
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1848,i,13318118920207862375,2038517196966935412,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1848,i,13318118920207862375,2038517196966935412,131072 /prefetch:1
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 --field-trial-handle=1848,i,13318118920207862375,2038517196966935412,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1848,i,13318118920207862375,2038517196966935412,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1552 --field-trial-handle=1848,i,13318118920207862375,2038517196966935412,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=984 --field-trial-handle=1848,i,13318118920207862375,2038517196966935412,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2968

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
852B

MD5
e4825d90893f15c35dcf68641df31fc4

SHA1
ad6c32a3ebe5a32854a406a5275daa8559eb37eb

SHA256
dd234d59d4d2e42d9337a613ae80663554663daa9a811c876a977fbc86133e70

SHA512
979ba81207cf24fb5ab3d3b98a33706defb3f8585300a51d17a7609dd985a3b170fbfcacebeca86ab5e55f2ae53fd14360d12c4c6265b4848359a3df969bfae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4e6e59fdfb9cc9402682340ff17403f9

SHA1
79059dc63e3dfc9ba1a3b8d7efe5ebbdb1a98646

SHA256
9de5ddb585b288d70bc479438302308927ba4ef5ea68116722f3a52d28d60f8a

SHA512
98acbf1cf0fe01f5f0ee0f8fe325058f8b99059626aa6964d830b419843b5a33ed67eded68257cf1819ea460b007053115129ff834403e829275085fa68492a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
b655c99e430fb642fbfb121131e8bef3

SHA1
bf50e1cabcf262dc448acd25f7d112e74efb2112

SHA256
56af0bf62dfef1b88f1af623265909bf2d49233c6c5774ebd710c221a7f26c38

SHA512
edaa89fa175ed01e233f07eca9b9679a97e3bac4352e8745b444a952403eb31ebf56911053ac6e05b08ab72540b2c130461e1d6961f062e0df493a4933ad4c74

Download Submit