df49de4f16a83045b1e97b43abda71a05c514b108f3b033c4a0de7ce2229f515

Analysis

max time kernel
1799s
max time network
1687s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

intezer-vs-sandbox.html
Size

426KB
MD5

75d315b0de7063e77592e1fb0a9b37e2
SHA1

243bcea911010bd15cefc5cbc85a697e85912fb6
SHA256

df49de4f16a83045b1e97b43abda71a05c514b108f3b033c4a0de7ce2229f515
SHA512

02ce5f60b9e2ab078e9b4110b89f2b473e65bc411387dec71a5019a1ad43ef7bb4267273d59bab8c66dbda9ed02f7b399910cb27c0b92a2169b9d27c97e78887
SSDEEP

6144:OL9k7JiY/LlBP1eK0sBCwMaeQbYxJL4J5ym5t5f515vZ7x:Opk7SK0sBCw8m5t5f515vZ7x

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628225627829622"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe
2304	chrome.exe
2304	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 704	2772	chrome.exe	86
PID 2772 wrote to memory of 704	2772	chrome.exe	86
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 1020	2772	chrome.exe	87
PID 2772 wrote to memory of 2328	2772	chrome.exe	88
PID 2772 wrote to memory of 2328	2772	chrome.exe	88
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89
PID 2772 wrote to memory of 1940	2772	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\intezer-vs-sandbox.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82b73ab58,0x7ff82b73ab68,0x7ff82b73ab78
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1896,i,11116474061862564924,13281446120955335941,131072 /prefetch:2
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1896,i,11116474061862564924,13281446120955335941,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1896,i,11116474061862564924,13281446120955335941,131072 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1896,i,11116474061862564924,13281446120955335941,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1896,i,11116474061862564924,13281446120955335941,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1896,i,11116474061862564924,13281446120955335941,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1896,i,11116474061862564924,13281446120955335941,131072 /prefetch:8
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1896,i,11116474061862564924,13281446120955335941,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2304

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6fbcebea90b4cc0cc087759f65aaa712

SHA1
066ac8ff51bfab31b2445e41480b60a8386860be

SHA256
3170975a27dc61da752dae362a24316ca70ff8b5bc8c742a23cb47a06091454a

SHA512
0fdfc393f60bb85e7a229796d9bc853c6aff9dbda03c3a048203b799067b2bd5975c3190b5bb687b17ef72bd15a189cb0496ad36e26ebd9a28cc943cef426bd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
2830bc3ae7871d4d4578ca28c24bfd5a

SHA1
1820951aa7c9e75a67cbaa6951b888ac1f12c6dd

SHA256
e640a2e8e8ac6c2b826154899338765ce73f006527ad67147cb13bbcddb3b25c

SHA512
3d3d8f1f901aa65c8d419ea4134afa7317c37867786d684a61f56c27253dca38eb749c2acf4aeaab663613175d46e8c0e1ec967d09f986c28449a763c9fdf9be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
ba5e19046ce29120dcf721ba87dbe60a

SHA1
143259979f6838ba46011d5cc73c94a6bb3c5b98

SHA256
1f7d5f2729bac0f9bbced9cfd35250429e1c58278fb54d55b2f64fa1ad054e53

SHA512
8a705f43868dd33e59fc61f2e5a30991f46e4500f3485a16ad967cad802197a9cf1e4ff1cd8a40f04b4fb9a5bcf119d7a6045759c88b6742d2bdda37ef14ee71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6b1d3bbf06ff3519a588f8ea1bf63023

SHA1
5452fcad23f81c4b3801acd3f747c078c7711c18

SHA256
cdf3725777ecd05459dc5ba57fc3e9a2d1d5b992199650a4c350d74c0f119588

SHA512
ec1a0010985ea67b547144556660ba3c3f828d426178c558207ae0cdf98e93036239eeed32e2ac9bd65f18ae5283db50b3a4f1aa2bd8c8ac09685aab452707fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
40ecb038ad2d8298862f48c3baa885b3

SHA1
25618e69283aa89573c6d2dae0dd1c5c51e72d04

SHA256
fb47591b7704dc5a45a96bc6c4ddccef7f99798dbf92e40350589eea42cd56b7

SHA512
ce2df42263e98883e5dd58206443ccdf2f00a58e3da4b8a072df24167a98910735c64dae5b75d5f1e06ead019f43910354690e3d16d52384e590f81ce7381803

Download Submit