Analysis
  max time kernel:  149s
  max time network: 137s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240611-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        12/06/2024, 23:44
Static task:      static1
Behavioral task:  behavioral1  (Sample: a98e889a-9bb2-431d-89c8-32288a96d510.html, Resource: win7-20240419-en)
Behavioral task:  behavioral2  (Sample: a98e889a-9bb2-431d-89c8-32288a96d510.html, Resource: win10v2004-20240611-en)
General
  Target: a98e889a-9bb2-431d-89c8-32288a96d510.html
  Size:   3KB
  MD5:    150a5c680416c128fae2babe7380113e
  SHA1:   aa3281a3a6351d070fffd5742f6987e32785e8c7
  SHA256: a74cfb9c8740b409a8b6993d78b92987effa81245aacb6c27ca0f2ada60fd929
  SHA512: 7e1da31dd0f6ff292889396dad630cf5bde0ea37b73fb635e7857664753f4d8b3670a8044eb6016a015f27fb0db3083b05479e7adea3312cf5db13b20c7f6843
Malware Config
Signatures

Enumerates system info in registry  (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe

Modifies data under HKEY_USERS  (2 IoCs)
  description      ioc                                                                                                  Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627095010863063"  chrome.exe

Suspicious behavior: EnumeratesProcesses  (4 IoCs)
  pid   Process
  1904  chrome.exe  (2 entries)
  4108  chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary  (2 IoCs)
  pid   Process
  1904  chrome.exe  (2 entries)

Suspicious use of AdjustPrivilegeToken  (64 IoCs)
  description                       pid   Process
  Token: SeShutdownPrivilege        1904  chrome.exe
  Token: SeCreatePagefilePrivilege  1904  chrome.exe
  (this pair alternates for all 64 entries; every entry is PID 1904 chrome.exe)

Suspicious use of FindShellTrayWindow  (26 IoCs)
  pid   Process
  1904  chrome.exe  (all 26 entries)

Suspicious use of SendNotifyMessage  (24 IoCs)
  pid   Process
  1904  chrome.exe  (all 24 entries)

Suspicious use of WriteProcessMemory  (64 IoCs)
  description                       pid   Process     procid_target
  PID 1904 wrote to memory of 4548  1904  chrome.exe  80   (2 entries)
  PID 1904 wrote to memory of 1940  1904  chrome.exe  83   (repeated)
  PID 1904 wrote to memory of 4644  1904  chrome.exe  84   (2 entries)
  PID 1904 wrote to memory of 4252  1904  chrome.exe  85   (repeated)
  (all 64 entries have PID 1904 chrome.exe as the writer; the 60 entries beyond the two pairs above target 1940 and 4252)
Processes
(indented entries are children of the process above them)

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\a98e889a-9bb2-431d-89c8-32288a96d510.html
  PID: 1904
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7bd1ab58,0x7ffd7bd1ab68,0x7ffd7bd1ab78
      PID: 4548

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1856,i,9901084807540668420,11137337692917136530,131072 /prefetch:2
      PID: 1940

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1856,i,9901084807540668420,11137337692917136530,131072 /prefetch:8
      PID: 4644

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1856,i,9901084807540668420,11137337692917136530,131072 /prefetch:8
      PID: 4252

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1856,i,9901084807540668420,11137337692917136530,131072 /prefetch:1
      PID: 2496

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1856,i,9901084807540668420,11137337692917136530,131072 /prefetch:1
      PID: 1688

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4268 --field-trial-handle=1856,i,9901084807540668420,11137337692917136530,131072 /prefetch:8
      PID: 4876

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1856,i,9901084807540668420,11137337692917136530,131072 /prefetch:8
      PID: 3952

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1856,i,9901084807540668420,11137337692917136530,131072 /prefetch:2
      PID: 4108
      - Suspicious behavior: EnumeratesProcesses

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 4416
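Reading the signatures against the process tree: every hit is on chrome.exe itself. The top-level command line (--disable-background-networking, --disable-component-update, --simulate-outdated-no-au, --single-argument <sample>) is the sandbox harness launching Chrome 110.0.5481.104 on the HTML file; each "wrote to memory of" target is a child that PID 1904 itself spawned (crashpad handler, GPU process, network and storage services), which is consistent with a browser process initialising its own sandboxed children; NtCreateUserProcessBlockNonMicrosoftBinary is the mitigation policy Chrome applies to those children; and elevation_service.exe runs from Chrome's own versioned install directory. Nothing on this page is attributable to the content of the 3KB HTML sample. The script below is an added example, not part of the report, showing the attribution check a triager would run: it takes the process list and the WriteProcessMemory records, explains a write when the target is a direct child of the writer running the same image, and flags anything else, then lists which children run without a service or GPU sandbox (the ones a renderer escape would have to reach). PROCESSES and WRITE_EVENTS are constructed from the PIDs and command lines above, with command lines trimmed to the relevant flags and event counts reduced, so it runs offline.

```python
"""Attribute sandbox 'WriteProcessMemory' hits to the writer's own child processes.

Added example, not part of the sandbox report. PROCESSES and WRITE_EVENTS are
constructed from the PIDs and command lines in the report (trimmed, counts
reduced), so this runs offline.
"""
import re
from collections import namedtuple

Proc = namedtuple("Proc", "pid ppid image cmdline")

CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'

# Process tree as reported: (pid, parent pid, image name, command line).
# Constructed subset of the report's tree; renderers and UtilWin are omitted.
PROCESSES = [
    Proc(1904, None, "chrome.exe", CHROME + " --disable-background-networking --single-argument "
         r"C:\Users\Admin\AppData\Local\Temp\a98e889a-9bb2-431d-89c8-32288a96d510.html"),
    Proc(4548, 1904, "chrome.exe", CHROME + " --type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    Proc(1940, 1904, "chrome.exe", CHROME + " --type=gpu-process --mojo-platform-channel-handle=1584"),
    Proc(4644, 1904, "chrome.exe", CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    Proc(4252, 1904, "chrome.exe", CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=service"),
    Proc(4876, 1904, "chrome.exe", CHROME + " --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none"),
    Proc(4108, 1904, "chrome.exe", CHROME + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    Proc(4416, None, "elevation_service.exe", r'"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"'),
]

# WriteProcessMemory records as (writer pid, target pid, procid_target).
# The report lists 64; constructed here as a few per target.
WRITE_EVENTS = ([(1904, 4548, 80)] * 2 + [(1904, 1940, 83)] * 4
                + [(1904, 4644, 84)] * 2 + [(1904, 4252, 85)] * 4)

TYPE_RE = re.compile(r"--type=(\S+)")
SUBTYPE_RE = re.compile(r"--utility-sub-type=(\S+)")
SANDBOX_RE = re.compile(r"--service-sandbox-type=(\S+)")


def child_role(cmdline):
    """Name a Chrome process by --type (and --utility-sub-type); the browser process has neither."""
    m = TYPE_RE.search(cmdline)
    if not m:
        return "browser"
    role = m.group(1)
    if role == "utility":
        sub = SUBTYPE_RE.search(cmdline)
        if sub:
            role = "utility:" + sub.group(1)
    return role


def attribute_writes(processes, events):
    """Split memory-write events into explained and unexplained.

    A write is explained when the target is a direct child of the writer and
    both run the same image, i.e. a parent initialising a child it just
    spawned. Anything else (foreign target, unknown pid, different image) is
    returned for a human to look at.
    Returns ({target_pid: (count, role)}, [(writer, target), ...]).
    """
    by_pid = {p.pid: p for p in processes}
    explained, unexplained = {}, []
    for writer, target, _ in events:
        w, t = by_pid.get(writer), by_pid.get(target)
        if w and t and t.ppid == writer and w.image == t.image:
            count, role = explained.get(target, (0, child_role(t.cmdline)))
            explained[target] = (count + 1, role)
        else:
            unexplained.append((writer, target))
    return explained, unexplained


def unsandboxed_children(processes):
    """Children that opt out of the service sandbox (--service-sandbox-type=none)
    or the GPU sandbox (--disable-gpu-sandbox), keyed by pid."""
    out = {}
    for p in processes:
        if p.ppid is None:
            continue
        m = SANDBOX_RE.search(p.cmdline)
        if (m and m.group(1) == "none") or "--disable-gpu-sandbox" in p.cmdline:
            out[p.pid] = child_role(p.cmdline)
    return out


if __name__ == "__main__":
    explained, unexplained = attribute_writes(PROCESSES, WRITE_EVENTS)
    for pid, (count, role) in sorted(explained.items()):
        print(f"explained   {count:3d} writes into {pid} ({role})")
    for writer, target in unexplained:
        print(f"UNEXPLAINED write {writer} -> {target}")
    print("unsandboxed children:", unsandboxed_children(PROCESSES))
```

On the report's data every write is explained and the unsandboxed set is the network service, ProcessorMetrics and the fallback GPU process; a write from 1904 into elevation_service.exe (PID 4416) or into a pid absent from the tree would come back in the unexplained list, which is the case worth a closer look.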
Network
MITRE ATT&CK Enterprise v15
Downloads

  Filesize: 138KB
  MD5:    7edfeec6299974e90e29a2ae699188cc
  SHA1:   0826afe0d36ed48443fd74c1a4f53ee85b235af4
  SHA256: 41fa3c042fe3d38c85f45c391f4c04734dd1fe405213546f1886840378d1ca93
  SHA512: fdf7bc96bce17b1ee0ac9ef9eb2236e0b4511f8ed6936b7fd327428815f8da4e407beb6354532a3a48d422facde8e412653e7ce13bafaed5b68b3a1ce453ed50

  Filesize: 1KB
  MD5:    0bbefd8f643638ae3e7b39e1966970c2
  SHA1:   f20b2fe82e03500e714bae9bd4d1ef42ca147221
  SHA256: c734966cb8c6e83c87f72b5ea9a04c74f08dfa3d159d7b11f39f7b379122b9c7
  SHA512: 488f45c01e3fc5ce1dd52616f606c53049e4803493be4d9615c9887a4cc2bf762d84f134b954134792ff71620f018e327e35cd5990fa0c581500df4733e5c16e

  Filesize: 2B  (these are the hashes of the two-byte string "[]", an empty JSON array, i.e. an empty Chrome profile data file rather than anything the sample produced)
  MD5:    d751713988987e9331980363e24189ce
  SHA1:   97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  Filesize: 6KB
  MD5:    69a59e28ea25ada15a6afaef58b7fe4b
  SHA1:   ef62bd499497b34a540460b53022ae6807cd765d
  SHA256: 1cb3211b7f89a75a89f5f052b36c9daf7c51c1dc3e9097899d87bdddccb1a16b
  SHA512: bd874e13957030f0d2c55ffb78fb8f10f627260c42ff8a3d31be8921c2167c35304966617a93ac464a9c2d56eaaf5c19022ae8c6831c0f6d56399b7df2d5f6dc