Analysis

max time kernel: 1571s
max time network: 1569s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 16:57
Static task: static1
Behavioral task: behavioral1
  Sample: .html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: .html
  Resource: win10v2004-20240611-en
General

Target: .html
Size: 6KB
MD5: 1e123a0a0f7bb89fc514d60259f681d2
SHA1: 54f8c9724f591c11108834b9371ed23a1837cf99
SHA256: ead2648f0c356193d5440f4835cc638c8c37f563448d8c731b6291baa2fd08d2
SHA512: d61e63512ac826c89dcb3ccf4b351fa787108da3246133c78e528f87b68e03a2fbe9c66112c10b7ce89767d2c6d006a1f8b6ababd58dd2eae0b4aec52996b5d2
SSDEEP: 96:C+9SKSlgcJcBar/FNQRGhz0vLmerLcaIN986e0wHmaAjlSWHFDyNKRydro0gkb8D:wlLIYUEYTgNCbxJ0
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  process     description        ioc
  chrome.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
All three IoCs are raised by the browser process that the analysis environment used to open the .html sample, not by the sample itself. The same two BIOS values are what VM-detection code typically reads, so this signature deserves attention when the querying process is not a browser; here it is expected Chrome behaviour.
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes:
  pid   process
  2996  chrome.exe  (4 identical entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes:
  description                 pid   process
  Token: SeShutdownPrivilege  2996  chrome.exe  (64 identical entries)
Suspicious use of FindShellTrayWindow (35 IoCs)
Processes:
  pid   process
  2996  chrome.exe  (35 identical entries)
Suspicious use of SendNotifyMessage (32 IoCs)
Processes:
  pid   process
  2996  chrome.exe  (32 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
  description                         source pid  source process  target pid  target process
  PID 2996 wrote to memory of 2072    2996        chrome.exe      2072        chrome.exe  (3 entries)
  PID 2996 wrote to memory of 2436    2996        chrome.exe      2436        chrome.exe  (repeated)
  PID 2996 wrote to memory of 2596    2996        chrome.exe      2596        chrome.exe  (3 entries)
  PID 2996 wrote to memory of 2444    2996        chrome.exe      2444        chrome.exe  (repeated)
64 entries in total; every one is the browser process 2996 writing into one of its own chrome.exe child processes (2072, 2436, 2596, 2444).
Processes

PID 2996 (top level)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 2072 (child of 2996)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f89758,0x7fef6f89768,0x7fef6f89778

  PID 2436 (child of 2996)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:2

  PID 2596 (child of 2996)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:8

  PID 2444 (child of 2996)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:8

  PID 2488 (child of 2996)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:1

  PID 2988 (child of 2996)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:1

  PID 1560 (child of 2996)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1332 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:2

  PID 3044 (child of 2996)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1152 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:2

  PID 1928 (child of 2996)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2996 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:8

PID 1584 (top level)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

Reading the tree: the flags on PID 2996 (--disable-background-networking, --disable-component-update, --simulate-outdated-no-au) are the analysis environment's own launch options for opening the .html sample in Chrome 106.0.5249.119; nothing in the tree is a process spawned by the sample. Two helpers run without a sandbox, as their command lines state (--service-sandbox-type=none): the network service (PID 2596) and the UtilWin utility (PID 1928). The storage service (PID 2444) runs with the utility sandbox. elevation_service.exe (PID 1584) is listed at the top level, not as a child of the browser process.
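The WriteProcessMemory signature above and the process list are the two parts of this report a reviewer actually has to reconcile: a browser writing into dozens of processes looks alarming until you check that every target is its own freshly launched chrome.exe child. The script below is an added example (not part of the Triage report and not Chrome's code) that does that reconciliation on constructed input copied from the report: it parses the flattened IoC wording, counts writes per target, flags any write that is not parent-to-own-child with the same image, and lists which helpers were started with --service-sandbox-type=none. The trimmed command lines, the parent-PID assignments (taken from the tree depth markers) and the one synthetic anomaly line (PID 4242 / notepad.exe, which does not appear in the report) are assumptions made for the example.

```python
"""Added triage helpers for the Chrome process tree in the report above."""
import re
from collections import Counter

# Constructed input: (pid, parent pid, command line) for processes in the
# report, each command line trimmed to the flags this script inspects. Parent
# PIDs follow the report's tree depth markers (every child hangs off PID 2996).
PROCESSES = [
    (2996, None, 'chrome.exe --disable-background-networking --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\.html'),
    (2072, 2996, 'chrome.exe --type=crashpad-handler --url=https://clients2.google.com/cr/report'),
    (2436, 2996, 'chrome.exe --type=gpu-process --mojo-platform-channel-handle=1156'),
    (2596, 2996, 'chrome.exe --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none'),
    (2444, 2996, 'chrome.exe --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility'),
    (2488, 2996, 'chrome.exe --type=renderer --renderer-client-id=6'),
    (1928, 2996, 'chrome.exe --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none'),
]

# Constructed input: WriteProcessMemory IoCs in the report's flattened wording,
# plus one synthetic line (PID 4242 / notepad.exe, which is NOT in the report)
# so that the anomaly path below has something to catch.
IOC_TEXT = """
PID 2996 wrote to memory of 2072 2996 chrome.exe chrome.exe
PID 2996 wrote to memory of 2072 2996 chrome.exe chrome.exe
PID 2996 wrote to memory of 2436 2996 chrome.exe chrome.exe
PID 2996 wrote to memory of 2596 2996 chrome.exe chrome.exe
PID 2996 wrote to memory of 2444 2996 chrome.exe chrome.exe
PID 2996 wrote to memory of 4242 2996 chrome.exe notepad.exe
"""

FLAG_RE = re.compile(r"--([\w-]+)(?:=(\S+))?")
# Report wording: "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\S+)")


def parse_flags(cmdline):
    """Map every --flag / --flag=value token of a command line to its value (None if bare)."""
    return {name: (value or None) for name, value in FLAG_RE.findall(cmdline)}


def unsandboxed_services(processes):
    """Return (pid, service) for children that declare --service-sandbox-type=none."""
    found = []
    for pid, _parent, cmdline in processes:
        flags = parse_flags(cmdline)
        if flags.get("service-sandbox-type") == "none":
            found.append((pid, flags.get("utility-sub-type") or flags.get("type")))
    return found


def parse_wpm(text):
    """Parse the flattened IoC lines into (src pid, dst pid, src image, dst image)."""
    return [(int(s), int(d), si, di) for s, d, si, di in WPM_RE.findall(text)]


def triage_wpm(events, processes):
    """Count writes per target and flag writes that are not parent -> own child
    with the same image, the only pattern a browser launching its helpers
    should produce."""
    parent_of = {pid: parent for pid, parent, _ in processes}
    counts = Counter(dst for _, dst, _, _ in events)
    anomalies = [ev for ev in events
                 if parent_of.get(ev[1]) != ev[0] or ev[2] != ev[3]]
    return counts, anomalies


if __name__ == "__main__":
    print("unsandboxed:", unsandboxed_services(PROCESSES))
    counts, anomalies = triage_wpm(parse_wpm(IOC_TEXT), PROCESSES)
    print("writes per target:", dict(counts))
    print("anomalies:", anomalies)
```

On the report's real data every write passes the parent-to-own-child check, which is the expected shape of a Chrome launch on Windows: the browser process sets up each helper it spawns before resuming it. The write worth escalating is the kind the synthetic line models, into a process the browser did not create or whose image is not chrome.exe.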
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 149KB
  MD5: cd10dd96fd475dc7da86dd3d9b2bbd02
  SHA1: 17cc3241cc33e13802982bcb68dcc752552eae1e
  SHA256: c99aad55d90133ac673f72abc827f20b1e4d76b3ca53d01ae123b2b83176df04
  SHA512: 593debf04daf21fa9f6d9d367c818f9131c702b709e3d0252af6b58de831a76f32c24555481e08fbb1367149ba510c150fc5df45eb913fa7cc6ea31d176e4f15

- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

- Filesize: 4KB
  MD5: 72dac4a0809ddccac211273a64d2a1f8
  SHA1: 0f8d5642b505c8368e444bd40bea903b5bc3dec2
  SHA256: 42cc98dcdea6ab869eb70c7fd30c057eae61202a49cf9c71cb6b6a4108155609
  SHA512: 69ab340a6c02cc39e8fd178a1ce183519290d21c5c4e6b81805a0caf2f955956a96b38a7ecaa3982e9aa83b3165fcb14d327325384ace7d792dadd06dcd8615d

- Filesize: 4KB
  MD5: fe57cb54095398cb99a8a74a3403da7b
  SHA1: fe9280db58362f3ffbf88e17ead57efa10af3fe1
  SHA256: 17623d48e44c2336c545b16c58f490bea27b609de088bda77f24520f25b1fc4a
  SHA512: ba3e11de8181e3dacb6994fd3e93130f20567aeeb00d0916c36673050768bebef62689c40979cc329b3a945a91c5339b856a4e3c27e419ed2b126b737b508028

- Filesize: 4KB
  MD5: 8d17bc36e377df5e6f85801da3cfc151
  SHA1: fe89e68119040206de19da25e116c65778d2c959
  SHA256: 93cba88f0a8bb5dfd0766c0b0a1cd49f20f1d75f1df6042eaa58273fa10d1452
  SHA512: e600b6cc668f1f1727fe8389ba6573c86ad7910d69489e27cc35bad3d69659f84ab9ecfe0477adbe3ee41cf3a35f6bd7cb708f6cbd7864020595257983c333b0

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
  Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

- Filesize: 149KB
  MD5: daa9421b70073c36a4d9a03d5febaea9
  SHA1: 915a6c048be34a6586f59d5568dc4e01f9e502fd
  SHA256: bf92b1569ca783feed29ea9c6b5006444d5609cdd6a0fd6f8bda40c5c2c18f52
  SHA512: fccecaba5175d1cacd2b353fedf904b84c2badbc2d5f6f2ce79f14d6d839ad77b9cd982268e134839960e7bd5b369c8ffa5d096533bda594cf1d26138d28435a
- Filesize: not shown
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  These four values are the digests of empty input, so this entry is a zero-byte file and carries no content to analyse.