Analysis

max time kernel: 149s
max time network: 140s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 07-06-2024 08:22
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://pub--4a35d179db07438aa8056db61cf9597c-r2-dev.translate.goog/shtml.html?_x_tr_sl=zh-TW&_x_tr_tl=en&_x_tr_hl=en&[email protected]
Resource: win10-20240404-en
General

Target: https://pub--4a35d179db07438aa8056db61cf9597c-r2-dev.translate.goog/shtml.html?_x_tr_sl=zh-TW&_x_tr_tl=en&_x_tr_hl=en&[email protected]

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

  Process     Description        IoC
  chrome.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Modifies data under HKEY_USERS (2 IoCs)

  Process     Description      IoC
  chrome.exe  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  chrome.exe  Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133622221547473208"

  S-1-5-19 is the well-known SID of NT AUTHORITY\LOCAL SERVICE. The TraceTimeLast value is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC); 133622221547473208 decodes to 2024-06-07 08:22:34 UTC, which matches the submission time of this run.
Suspicious behavior: EnumeratesProcesses (4 IoCs)

  PID   Process
  596   chrome.exe
  596   chrome.exe
  4224  chrome.exe
  4224  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)

  PID   Process
  596   chrome.exe
  596   chrome.exe
  596   chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)

  All 64 entries come from PID 596 (chrome.exe) and strictly alternate between the same two privileges, so the flattened list collapses to:

  Description                       PID  Process     Entries
  Token: SeShutdownPrivilege        596  chrome.exe  32
  Token: SeCreatePagefilePrivilege  596  chrome.exe  32
Suspicious use of FindShellTrayWindow (26 IoCs)

  PID   Process     Entries
  596   chrome.exe  26
Suspicious use of SendNotifyMessage (24 IoCs)

  PID   Process     Entries
  596   chrome.exe  24
Suspicious use of WriteProcessMemory (64 IoCs)

  Every entry has PID 596 (chrome.exe) as the writer and a chrome.exe process as the target. Collapsed by target PID:

  Source PID  Source      Target PID  Target      Entries
  596         chrome.exe  4256        chrome.exe  2
  596         chrome.exe  4932        chrome.exe  see note
  596         chrome.exe  4980        chrome.exe  2
  596         chrome.exe  3356        chrome.exe  see note

  Note: the remaining 60 entries are split between targets 4932 and 3356 (the report lists them one row per write; the two runs are contiguous, 4932 first, then 3356).
Processes

[depth 1] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 596)
  Command line:
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pub--4a35d179db07438aa8056db61cf9597c-r2-dev.translate.goog/shtml.html?_x_tr_sl=zh-TW&_x_tr_tl=en&_x_tr_hl=en&[email protected]
  Signatures:
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  Children of PID 596 (depth 2):

  chrome.exe (PID 4256), --type=crashpad-handler
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa97ec9758,0x7ffa97ec9768,0x7ffa97ec9778

  chrome.exe (PID 4932), --type=gpu-process
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1836,i,7622701972391421512,5276334572955583830,131072 /prefetch:2

  chrome.exe (PID 4980), --type=utility, network.mojom.NetworkService, --service-sandbox-type=none
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1836,i,7622701972391421512,5276334572955583830,131072 /prefetch:8

  chrome.exe (PID 3356), --type=utility, storage.mojom.StorageService, --service-sandbox-type=utility
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1836,i,7622701972391421512,5276334572955583830,131072 /prefetch:8

  chrome.exe (PID 1672), --type=renderer, --renderer-client-id=6 (first renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1836,i,7622701972391421512,5276334572955583830,131072 /prefetch:1

  chrome.exe (PID 4428), --type=renderer, --renderer-client-id=5
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1836,i,7622701972391421512,5276334572955583830,131072 /prefetch:1

  chrome.exe (PID 4624), --type=renderer, --renderer-client-id=7
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4676 --field-trial-handle=1836,i,7622701972391421512,5276334572955583830,131072 /prefetch:1

  chrome.exe (PID 560), --type=utility, chrome.mojom.ProcessorMetrics, --service-sandbox-type=none
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1836,i,7622701972391421512,5276334572955583830,131072 /prefetch:8

  chrome.exe (PID 404), --type=utility, chrome.mojom.UtilWin, --service-sandbox-type=none
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1836,i,7622701972391421512,5276334572955583830,131072 /prefetch:8

  chrome.exe (PID 4224), --type=gpu-process, --disable-gpu-sandbox (second GPU process, software GL disabled)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3568 --field-trial-handle=1836,i,7622701972391421512,5276334572955583830,131072 /prefetch:2
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

[depth 1] C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 924)
  Command line:
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
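The WriteProcessMemory and sandbox-type details above are what an analyst actually has to reason about: a browser process writing into the child processes it has just spawned is the normal Chrome multi-process pattern, whereas a write into a process that is not its own child (or not chrome.exe at all) would be cross-process injection. The script below is an added triage example written for this page, not tooling from the sandbox vendor or from Chrome. Its process list and write pairs are transcribed from the report above (PIDs, image paths, and the command-line switches that matter; the long command lines are trimmed), the parent links follow the report's tree (depth-2 entries under PID 596), and the two extra write pairs used to exercise the negative paths are constructed for illustration and do not appear in the report.

```python
"""Triage helpers for a sandbox process tree plus WriteProcessMemory IoCs.

The sample data is transcribed from the report on this page and embedded so the
script runs offline; entries marked CONSTRUCTED are not from the report.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None for a depth-1 process (no parent shown in the report)
    image: str
    cmdline: str          # switches only; full command lines are in the report


CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
ELEVATION = r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

# Process list from the report (depth-2 entries are children of PID 596).
PROCS: List[Proc] = [
    Proc(596, None, CHROME, "--disable-background-networking --disable-component-update --single-argument"),
    Proc(4256, 596, CHROME, "--type=crashpad-handler"),
    Proc(4932, 596, CHROME, "--type=gpu-process"),
    Proc(4980, 596, CHROME, "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    Proc(3356, 596, CHROME, "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    Proc(1672, 596, CHROME, "--type=renderer --first-renderer-process --renderer-client-id=6"),
    Proc(4428, 596, CHROME, "--type=renderer --renderer-client-id=5"),
    Proc(4624, 596, CHROME, "--type=renderer --renderer-client-id=7"),
    Proc(560, 596, CHROME, "--type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none"),
    Proc(404, 596, CHROME, "--type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    Proc(4224, 596, CHROME, "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    Proc(924, None, ELEVATION, ""),
]

# (writer PID, target PID) pairs from the "Suspicious use of WriteProcessMemory"
# signature, de-duplicated (the report lists one row per write).
WRITES: List[Tuple[int, int]] = [(596, 4256), (596, 4932), (596, 4980), (596, 3356)]

# CONSTRUCTED: not in the report; used only to show the non-benign classifications.
CONSTRUCTED_WRITES: List[Tuple[int, int]] = [(596, 924), (596, 9999)]

# Switches that mean "this child runs without its usual sandbox".
UNSANDBOXED_SWITCHES = {"--service-sandbox-type=none", "--disable-gpu-sandbox"}


def classify_writes(procs: List[Proc], writes: List[Tuple[int, int]]) -> Dict[Tuple[int, int], str]:
    """Label each WriteProcessMemory pair.

    child-spawn    : target is a direct child of the writer and runs the same image
                     (the browser process populating children it just created).
    cross-process  : target exists but is not such a child (injection candidate).
    unknown-target : target PID is absent from the process list (exited, or the
                     sandbox did not capture it); needs manual follow-up.
    """
    by_pid = {p.pid: p for p in procs}
    result: Dict[Tuple[int, int], str] = {}
    for writer, target in writes:
        w, t = by_pid.get(writer), by_pid.get(target)
        if t is None:
            result[(writer, target)] = "unknown-target"
        elif w is not None and t.ppid == writer and t.image.lower() == w.image.lower():
            result[(writer, target)] = "child-spawn"
        else:
            result[(writer, target)] = "cross-process"
    return result


def unsandboxed_children(procs: List[Proc], parent_pid: int) -> List[int]:
    """PIDs of parent_pid's children whose switches disable the sandbox, ascending."""
    flagged = []
    for p in procs:
        if p.ppid == parent_pid and UNSANDBOXED_SWITCHES & set(p.cmdline.split()):
            flagged.append(p.pid)
    return sorted(flagged)


def has_suspicious_writes(procs: List[Proc], writes: List[Tuple[int, int]]) -> bool:
    """True if any write is something other than a parent populating its own child."""
    return any(label != "child-spawn" for label in classify_writes(procs, writes).values())


if __name__ == "__main__":
    for pair, label in classify_writes(PROCS, WRITES + CONSTRUCTED_WRITES).items():
        print(f"WriteProcessMemory {pair[0]} -> {pair[1]}: {label}")
    print("children of 596 running unsandboxed:", unsandboxed_children(PROCS, 596))
    print("report-only writes suspicious:", has_suspicious_writes(PROCS, WRITES))
```

Run against the report's own pairs every write is child-spawn, so this signature on its own says "Chrome started its helper processes", not "injection"; the constructed pair into elevation_service.exe (PID 924) is what a real cross-process hit would look like, and a write into a PID the report never lists comes back as unknown-target rather than being silently treated as benign. The second function makes the sandbox posture explicit: the network service, ProcessorMetrics, UtilWin and the fallback GPU process (4980, 560, 404, 4224) run with no sandbox, so those are the child PIDs whose later behaviour deserves the closest look.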
Network
MITRE ATT&CK Enterprise v15
Downloads

Entry 1 (no path shown)
  Filesize: 576B
  MD5:    3cb32e2e661655c36db742825d4a090a
  SHA1:   f4e7593b21dc805a0e7dc979377ea8a7ed73f170
  SHA256: ff9e3bd373abd2865dc9e279260d7b6a2871e10022f3b466547c6eea37ad37a9
  SHA512: e601f4f617cad64e33ee03a9d01b35d91e307229ad0c3cd7c461a8d74ec17c4079a28d32b80e3bd887f046bfdce187c43f582ae7716553ce73cef31a5d5c683f

Entry 2: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\44105d15-b45c-4545-854a-0c1c9e0d2fe1.tmp
  Filesize: 1KB
  MD5:    66b8fcb6e76f8c83dbc59fcc31568bb1
  SHA1:   4a2e67cdfaf9e1d8a699d50b649a4a5fd34b3f04
  SHA256: 8dfc4605c5226d200ca4ed94ccee2b996bb7b18cb8f423f89934372e0b5ad7eb
  SHA512: 2a4041640ff8965d27a2f778baafe6879303b646adc1909f7a9e2c8ab518e103abdd45b38184a70de828a6b0ecdf1447c983b1407284c6f8e107d9164105b38a

Entry 3 (no path shown)
  Filesize: 3KB
  MD5:    e8c4a6e5ac6c1084282402b436deaa47
  SHA1:   f7bc5bb8ea1452853bbdf9f15e3eaca7bd7cac40
  SHA256: 931ba220f6a591598761556ee5ae47c6c1b2e7fcfdc84ad58e3b96baf31fa49f
  SHA512: e4cf3f9f281a1cecdc98e028fc21551445aa4a90f9011ce859fd1c7245f55d0832bc4ccd6a9ea3b3dc99a3557c5ece853606ffcf6550a5bb3c5b7716571309aa

Entry 4 (no path shown)
  Filesize: 3KB
  MD5:    bd43de658cc859d84c2b88d15da9eb50
  SHA1:   a25fbe9887662956385147d96574e2b9175badbf
  SHA256: e82618e770ea33d9da5fc00c16b31b4a82afd08cd19f6462eee77248f0af6d27
  SHA512: a3c3fc4904f51d6c475a0ce6c3eb53555753250ca727c63bb8d8b9f08cf7d189585f608ec74b6d1504b6bfb7246444032ce936bb839a0988cd872972979fe54d

Entry 5 (no path shown)
  Filesize: 6KB
  MD5:    35a3f3f10f1fbe4e699d19c8e92c7f6e
  SHA1:   28c40dbbd68bf54189ffd119e3d8ceaf9a97d671
  SHA256: 3dd9492c9a20df7bd26c63239258e7e6a8131684b72c5f1054934cba0a8a4506
  SHA512: 992f1695aff03df108f03ac2a500338667c5b31685ec2f20d92ecda3572c7b014edeaed71d99e07f84f873bdaebb78b065da26a64e4f64cb3d567f12de36c9eb

Entry 6 (no path shown)
  Filesize: 6KB
  MD5:    fb3df5879aabad1812962644fd17349d
  SHA1:   18f5fe537385726628205295254b52d9be4481c9
  SHA256: 4ef47cf9adba2b2d01fdf556de3d9da414d2b64d9f9b101c965bfb5a280b9601
  SHA512: 4c861b53331d0573c49af30e590115e33911b780724a080bd531a8f84189506254c5179f02fd7d1ae901c4459d5f76bb55f45d005ede48c1174ee5f1fac3f209

Entry 7 (no path shown)
  Filesize: 6KB
  MD5:    46399dc0c44ff59f0cc931a08a22d14f
  SHA1:   85602b7df5b666cdd3265f7beafa491e35f4c7f4
  SHA256: 70b028c6d3032963bb1587080f1a07c6879477a92feef2bcab08f25fa5c5153b
  SHA512: 4818d3f90479b9bd7ce91a167b59a4ee3018bdc5a4de3309987b61ca906caa590c6aacf12f1d41ef39c009c9859381c2ac10c07ed7e3fa96c32b2533c69e5f73

Entry 8 (no path shown)
  Filesize: 136KB
  MD5:    c06de348754ad4a6b705b39ddb5bdea4
  SHA1:   36319bb33d69647446dd4a54cf8373f6877c0046
  SHA256: 7005c516b659271c8cf878e7f963fd87402992b84f78533d0ab406539de8dcc4
  SHA512: 69c03bbabb8605af9a6af84b73b2dcc44c84d8196dda635baaf003720fe3fdf167b2a0cb98ccd9c9359a7b9bd52c6affc712c2b33e92e2d584bd27f76615a72a

Entry 9 (no path shown)
  Filesize: 2B
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
  These are the digests of the two-byte string "{}" (an empty JSON object), a common placeholder written by browser profile code; no malicious content can be inferred from this entry.

Entry 10 (no path or Filesize shown)
  MD5:    d41d8cd98f00b204e9800998ecf8427e
  SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  These are the digests of the empty (zero-byte) input, so this entry is an empty file; hash lookups on it will match every empty file ever seen and carry no signal.