55b19eadbb7776a5631aa46307074c08be68f9983c499a6368ed5205e7ad3b65

Analysis

max time kernel
100s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2024 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wp-login.html
Size

5KB
MD5

1a00bcdbb9e8f643be0088ba94170530
SHA1

f7630a812173d9217ea94d40d002a32e90b0c76e
SHA256

55b19eadbb7776a5631aa46307074c08be68f9983c499a6368ed5205e7ad3b65
SHA512

05ce04e8f236c8111f48854e739b2592ba9d1fa0e26c6fd2f2bb43a078d971d635def830b79aae6c22e9b69217f3a92a2b25690719f8ca2687a2afffda161388
SSDEEP

96:mc/R99k2ff9i94sfASCNw3q8EiYcBscmLFqe5:ldk2f4f7CNw3qJiYcBGU0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3076	chrome.exe
3076	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3076	chrome.exe
3076	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe
Token: SeShutdownPrivilege	3076	chrome.exe
Token: SeCreatePagefilePrivilege	3076	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe
3076	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3076 wrote to memory of 3140	3076	chrome.exe	82
PID 3076 wrote to memory of 3140	3076	chrome.exe	82
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 2060	3076	chrome.exe	83
PID 3076 wrote to memory of 4976	3076	chrome.exe	84
PID 3076 wrote to memory of 4976	3076	chrome.exe	84
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85
PID 3076 wrote to memory of 2716	3076	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\wp-login.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4c19ab58,0x7ffc4c19ab68,0x7ffc4c19ab78
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1908,i,1440717730287340355,7630855179625218041,131072 /prefetch:2
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1908,i,1440717730287340355,7630855179625218041,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1908,i,1440717730287340355,7630855179625218041,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1908,i,1440717730287340355,7630855179625218041,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1908,i,1440717730287340355,7630855179625218041,131072 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1908,i,1440717730287340355,7630855179625218041,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1908,i,1440717730287340355,7630855179625218041,131072 /prefetch:8
  2⤵
  PID:4156

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
11aa5b324dcb03c55a66bd4b1bd7964b

SHA1
8c0f354ef0b51975fbffb35d90009b236f7266c9

SHA256
0f02d5a6ac2eee86ce4db2fb69a62965dfc112dc3b06178be760c0e4426675ec

SHA512
9c46df1a89516c47f50b7ed88019d317f06c3ae179512cfa465a77ee24e36084e1f9bd9d22a3db9b76180d8b7086f6088f0a1e4358edf4521d73aafe4f2eb6c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
869077f8ce80ed4335395cc4ea8b0404

SHA1
affa297e828995a7d9486b7f8261bc3b74f9b877

SHA256
a823cca19614ffa3247d56420a3f0b71cd538638efa51d8cda05055660e93c60

SHA512
cc84fbd4309545643fa5da0dae73fceb7643f15d1b4bd974f9573081191506d006061f8e9aff0b161ddef003a7d4b2b5ad2b7929ca20ac2be87f55f3d23fec84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6e6879c8e20f7d8bb6ab05bf8cf32cfe

SHA1
3fb0058b11e07bbb58fcd332db9eaf601ccccdbb

SHA256
8d87049d7b82ebd833d3a559cb1ce273e56c8c47592a5b7b0d71bb47374976df

SHA512
8bc5292db5390abccc393b9de0aa95f5e93fb2571ba52e08ed18786ab8005b619c9439b40065e51354910d34b5f0dc47f123338f443bd1fdc6717e981cdde32e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
d728f12e1cc0d19f873364bf0c28d338

SHA1
1b4856302bf2fe01257ecfdbf3dff8fd80609a5a

SHA256
662126a66215ba3f4abcdf762c0bea658959a541f76594e3936461563a967093

SHA512
c0449688c0d1854b85cd4961d62cc963ad4d5e3cf850bcb9d37894a042e7182744e472a207ce341fa3ada9207fc426f71aa859b1da57b09b710c8cf6e7c7a142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
1e295d6159157c5bf3a73b833ed9212b

SHA1
74b4413aee932d6ad67b355ead3ccb457fcce151

SHA256
8f916c9e90acd44d518b14e60f7bf0f2d39293b23f223d20febfe23c58b2570f

SHA512
fe34ef018c7ab5f1562209885d52730662d9e1d1ba52608ec6fa8eac2cfd9a29199f42ed3befa97ef7bea46a704c0b017e6c362f50e721ffdca8e375d229ee74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
7003288621c54fdaf92db86a315eab44

SHA1
cad1b952d98212e0331698b8e632789c55a71ef9

SHA256
ab6f715a70310a51de557ba7e48c65c4fa5aeba255acede6162bdc919ee5bb8b

SHA512
4d7251b5dc9d2270a1e6bb84f24176457b5315a94f3ded7f50e1438c0bca8ffd9f48e1a3642dc3830c7d0d859c4a9d1640e77047feae37b3923bd89dcdd6c369

Download Submit