Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file http://tracking.fintchmedia.com/tracking/click?d=d-kO8uirdtUmmyIMiFrG01EhksdqYNyr0o-KJIWh02aaEITXIHMXEjYyWDOQ1sZ6QjBCC-tdVoVLjSwkDcGyFLEkjVZLyBUf7ghjZ7D4GVzvpZ3MJKlSGjd9kvLpBelYj3009amBFcU9UdYJUai5HO-KZ3nzKbMT2ZSKiQ38wG59C7SUDG1JBXttf3I18ujLYAHuUvsjsB_PJWhvsujl4ZSBdKdPJ4TK6H8MdbRlayfvSPR7EzJ_Sn7eD6TGXTzz0r4sC0VXoB6V6BYnlP4i9wrUtYA3yUK6tbxM-G-UVKDp0 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:46
Reported
2024-06-13 07:47
Platform
win11-20240611-en
Max time kernel
45s
Max time network
49s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627384105386669" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://tracking.fintchmedia.com/tracking/click?d=d-kO8uirdtUmmyIMiFrG01EhksdqYNyr0o-KJIWh02aaEITXIHMXEjYyWDOQ1sZ6QjBCC-tdVoVLjSwkDcGyFLEkjVZLyBUf7ghjZ7D4GVzvpZ3MJKlSGjd9kvLpBelYj3009amBFcU9UdYJUai5HO-KZ3nzKbMT2ZSKiQ38wG59C7SUDG1JBXttf3I18ujLYAHuUvsjsB_PJWhvsujl4ZSBdKdPJ4TK6H8MdbRlayfvSPR7EzJ_Sn7eD6TGXTzz0r4sC0VXoB6V6BYnlP4i9wrUtYA3yUK6tbxM-G-UVKDp0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ff8ab78ab58,0x7ff8ab78ab68,0x7ff8ab78ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1896,i,12238773435394840084,5301265050345045290,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1896,i,12238773435394840084,5301265050345045290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1896,i,12238773435394840084,5301265050345045290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2828 --field-trial-handle=1896,i,12238773435394840084,5301265050345045290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2836 --field-trial-handle=1896,i,12238773435394840084,5301265050345045290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3968 --field-trial-handle=1896,i,12238773435394840084,5301265050345045290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4012 --field-trial-handle=1896,i,12238773435394840084,5301265050345045290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1896,i,12238773435394840084,5301265050345045290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1896,i,12238773435394840084,5301265050345045290,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4252 --field-trial-handle=1896,i,12238773435394840084,5301265050345045290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3804 --field-trial-handle=1896,i,12238773435394840084,5301265050345045290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4784 --field-trial-handle=1896,i,12238773435394840084,5301265050345045290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4104 --field-trial-handle=1896,i,12238773435394840084,5301265050345045290,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4252 --field-trial-handle=1896,i,12238773435394840084,5301265050345045290,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tracking.fintchmedia.com | udp |
| FR | 164.132.95.123:80 | tracking.fintchmedia.com | tcp |
| FR | 164.132.95.123:80 | tracking.fintchmedia.com | tcp |
| US | 104.21.78.173:443 | project.techdatalicensing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp |
Files
\??\pipe\crashpad_4916_EZSWCOGSEUMEIGVI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e704df4f2c9db69aab3f5f174a40e391 |
| SHA1 | 99ccca5cdd35866adde0394b3bb667ec65e54f9c |
| SHA256 | 25d5a77c209ffb50ead1dab232786f271bbc5f6514e1571e2290453124e3614f |
| SHA512 | 2645a182bcab5b866eb185a515d20857fb52fe83ccbfaae9d06f32868a75299ee7038a1a45943e14bf35742bac0f2b420e176262a7c6768b362697056255f0cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0944cffdf6ff0439fba793c38502c15d |
| SHA1 | 16a398d063df4e9b2769466bb7b4da612ccb3ac0 |
| SHA256 | ab9f7137e7f8931f93e540390aa927257c5cde78b5b31010cf7abcf6fe8f60d4 |
| SHA512 | 3e74d8076d11a9555cf325244a7f60c9e16e086b2388e3fcfdd216e4d9816aa6b8cc1c5d6d0b1dc656ec565a1e9343d1e5f978559e91ffe81c1a8ae32e76f74e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6bb47bcd227902704d48591fa778915b |
| SHA1 | d947c64cba271f0b544ee346b0c5d800dc3c3338 |
| SHA256 | 7f7217fb1ba5b15eb067f28ccdf3ce8dcd0dac01ab7dabbe8bec77ee229c8e41 |
| SHA512 | 4e5f2749bfb28f1194dea4fcb97ad75d769ad0c55b3c1191b1c85fd632d3d7f0b3e03522fa69454df4144a8d6090bf9332c3cfcc7feaa7fe79c135db5704a350 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8e95c9e75c4f43e493d14816b76757c5 |
| SHA1 | fd3e58f32ea586df84e0e285d1ddc7aa3c74a415 |
| SHA256 | 89bdd1b9a00287cb44fa8a849168c36df28cd1c75bb4b4f025786c7d8ddba1cc |
| SHA512 | 4756327aacc6767f41afc0f26a36c6e1addb1c2ec84f26b2688623d079d789cfcac44f63ec11034592f38b92b46ad0815996a79f0907034a86a6ee12bd9382b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9e12ee34fe1b00183b2ffae3e0254a35 |
| SHA1 | 96553dae1f14b8cdc475d6dd77a279a61933bf8d |
| SHA256 | 391086f99334972da527a5fa97452945766f2fec25206815d749f0f11d2c3810 |
| SHA512 | 7d26911d75b67aaf138c3a5710c5dd012eaf98383627666dcb566e3327c106f803035ca4847eb4d9537d3198d7d13fcbd1bcf26c7fdfc89415ee0f76621f9d7f |