8e9ac2db1a647bc4f72265ee9cae8b2118dc942a70c9e4175f23c372b1a91348

Analysis

max time kernel
149s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Attached Message Part.htm
Size

180B
MD5

1752ee66b2c165cb1ac4536119bc6236
SHA1

430673d1b58d29e3e32c8914480b96e92f9a37be
SHA256

8e9ac2db1a647bc4f72265ee9cae8b2118dc942a70c9e4175f23c372b1a91348
SHA512

d34d397e200487097c0c014ac8dada791644b9ff27beefdb56cb2c349e79cf33b009659fb98697a7602eba30a62cca020bc64259cc5c3da87db777c973840334

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627661122488738"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
4124	chrome.exe
4124	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 4272	2256	chrome.exe	82
PID 2256 wrote to memory of 4272	2256	chrome.exe	82
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 2364	2256	chrome.exe	83
PID 2256 wrote to memory of 264	2256	chrome.exe	84
PID 2256 wrote to memory of 264	2256	chrome.exe	84
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85
PID 2256 wrote to memory of 1152	2256	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Attached Message Part.htm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff90829ab58,0x7ff90829ab68,0x7ff90829ab78
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1892,i,9128370585750273071,4534066033622174985,131072 /prefetch:2
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1892,i,9128370585750273071,4534066033622174985,131072 /prefetch:8
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1892,i,9128370585750273071,4534066033622174985,131072 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1892,i,9128370585750273071,4534066033622174985,131072 /prefetch:1
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1892,i,9128370585750273071,4534066033622174985,131072 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1892,i,9128370585750273071,4534066033622174985,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4128 --field-trial-handle=1892,i,9128370585750273071,4534066033622174985,131072 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2652 --field-trial-handle=1892,i,9128370585750273071,4534066033622174985,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4124

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3f9ec673fd078fe8164b7e581633dda9

SHA1
835265cb5e4bb6c28d416f934366907392f89de2

SHA256
42909a3ccd310bdea04920945cb6aa4792e3a594d7b79326681c8785934012e1

SHA512
cfec1b9188ced7a7e5ca01344d2c3fd66a396c4d515df53465d97c430297bf716e304c17267cfabe4c5159730462af3fabe524561a832a157cd183b3355215ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
9b9af70cf50ff165a5a18eff9d515178

SHA1
27c256e9e2645806ca02bd754a2f0e8a842e6f55

SHA256
f0b06ddb403b256656b58d1f85e2897944ae56c104181c9c9f1a2209bf6c52ce

SHA512
f26308e78c820bc20e04fd59ac4a558d7038f4a0d915871cb941e6883042f2787113d020cfc6573b2a3eef577c913cdabee724eabaa7ff95ce723b0a93abf4dd

Download Submit