Analysis Overview
Threat Level: Known bad
The file https://hardlaunched.s3.us-east-005.backblazeb2.com/hardlaunched.html was found to be: Known bad.
Malicious Activity Summary
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-11 10:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 10:57
Reported
2024-06-11 10:59
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
140s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625770437700516" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://hardlaunched.s3.us-east-005.backblazeb2.com/hardlaunched.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7e24ab58,0x7ffd7e24ab68,0x7ffd7e24ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1860,i,13946548838594906266,12836949918186800095,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1860,i,13946548838594906266,12836949918186800095,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1860,i,13946548838594906266,12836949918186800095,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1860,i,13946548838594906266,12836949918186800095,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1860,i,13946548838594906266,12836949918186800095,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4308 --field-trial-handle=1860,i,13946548838594906266,12836949918186800095,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1860,i,13946548838594906266,12836949918186800095,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1860,i,13946548838594906266,12836949918186800095,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4332 --field-trial-handle=1860,i,13946548838594906266,12836949918186800095,131072 /prefetch:2
Network
Files