ec32183425f582f636d59a00571e501ad3161340409a73731dc32b956a890a94

max time kernel
2s
max time network
245s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
08/06/2024, 22:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

20KB
MD5

1b074a4ee8eead8afdcef0fbc0c3ae21
SHA1

af880a4d8fee87ee37e8b7df0b6300e700cbf4cf
SHA256

ec32183425f582f636d59a00571e501ad3161340409a73731dc32b956a890a94
SHA512

312eeec043fae799b11d2878831effc15d9ab750265852e9f9c4a5aff335b4a946f0cf3c313da7e6679e0cb65a75b6b91bc83ede007bfae1e47cef9cb9d9a5be
SSDEEP

384:rRp65t9DpmReVoOs4Ai9ylKeGMYU8HhhbEez2n75u22zo2paWhOwob05Bz+m28Jo:rRpMBVoOs4AmyI1MyBhbn+IMWhOwob0O

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623600468362434"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4452	chrome.exe
4452	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4452	chrome.exe
4452	chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4452	chrome.exe
Token: SeCreatePagefilePrivilege	4452	chrome.exe
Token: SeShutdownPrivilege	4452	chrome.exe
Token: SeCreatePagefilePrivilege	4452	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe
4452	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 2052	4452	chrome.exe	76
PID 4452 wrote to memory of 2052	4452	chrome.exe	76
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 3260	4452	chrome.exe	77
PID 4452 wrote to memory of 1172	4452	chrome.exe	78
PID 4452 wrote to memory of 1172	4452	chrome.exe	78
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79
PID 4452 wrote to memory of 3556	4452	chrome.exe	79

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb0371ab58,0x7ffb0371ab68,0x7ffb0371ab78
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1724,i,15865405987387528295,5447358668628896261,131072 /prefetch:2
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1724,i,15865405987387528295,5447358668628896261,131072 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1724,i,15865405987387528295,5447358668628896261,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1724,i,15865405987387528295,5447358668628896261,131072 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1724,i,15865405987387528295,5447358668628896261,131072 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 --field-trial-handle=1724,i,15865405987387528295,5447358668628896261,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1724,i,15865405987387528295,5447358668628896261,131072 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3804 --field-trial-handle=1724,i,15865405987387528295,5447358668628896261,131072 /prefetch:2
  2⤵
  PID:800

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
852B

MD5
58a225a26c76f63be0b4d252f6db2baa

SHA1
860f27225d7c46856ecc3752ca09790a38f982c2

SHA256
7ef4f84e1599f6bf5f2a6de908f815a1d1a1d40a00f7be3f02b7b920ef08924c

SHA512
e0622f88cfbac60d52f1d722fa5f92cb7a880d74a4b86dbfb46946e47020ae8b2786f583f9cb321a3aabbe2ebd3e14d26daa0027807508861d77e27979ffb33d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1d2fe2f0c06362a4a571ed007e2f9b5c

SHA1
0b399f3c222aa38ecc0bbfaf85b29bfed28bcc7f

SHA256
10c2944c1a31249e1b0bb849bf399ba67c3d44bd3394f64dc5d45ab9b807a444

SHA512
ff039e80bf24b617a53a542ee90a1a7f667b0f9f8693e02ffa2246888f9072f5e754adc51393745aa211083fb3161777e59fe5e1e6082089fa6172639d5d7e07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
61f75392117d3834407ca1cd50c06d1f

SHA1
5302d8685377a97024b9e582beeb256424f60167

SHA256
2be1c3b8445e2987273aeb08fafe34aebe84fd774d0ed30d4eb8544576b6d45a

SHA512
c671a7696a16c452442da3277c5723cd491b3ceb04cdb89307da21ab688f5f5d5cf40f1dd08fdd2231d38552c5f5459dc7e55857dab31359d2dec2e3db24514d

Download Submit