cb737858eabc7d1a025333892c791db215b0b8b029aea27679d4b4ee317271f4

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

19KB
MD5

753943fac9e87e6e3e03bdd85dff1691
SHA1

7f910ae08a51aa1a5d61e2d5a244d1cdd1085ea0
SHA256

cb737858eabc7d1a025333892c791db215b0b8b029aea27679d4b4ee317271f4
SHA512

b12498b9e75517d196eb5b43748af2fa2c38eaeb4655f217fedf921a26507e88a922baf728935092abb6c36de6e9f161933736e53511d33292a447274b547fe2
SSDEEP

384:r0EYMClpspY1ocy4j4lbGaZU8HhhbPVICctLK2fa2hOwV0b0L+tg8xCqcR1:r0Eg1ocy4sEaNBhbtr2hOwSb0P8xQR1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629025380817438"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
116	chrome.exe
116	chrome.exe
4108	chrome.exe
4108	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
116	chrome.exe
116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 1944	116	chrome.exe	83
PID 116 wrote to memory of 1944	116	chrome.exe	83
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 2620	116	chrome.exe	85
PID 116 wrote to memory of 1524	116	chrome.exe	86
PID 116 wrote to memory of 1524	116	chrome.exe	86
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87
PID 116 wrote to memory of 552	116	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8be90ab58,0x7ff8be90ab68,0x7ff8be90ab78
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1872,i,17268954998402765348,16036670463761265078,131072 /prefetch:2
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1872,i,17268954998402765348,16036670463761265078,131072 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1872,i,17268954998402765348,16036670463761265078,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1872,i,17268954998402765348,16036670463761265078,131072 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1872,i,17268954998402765348,16036670463761265078,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1872,i,17268954998402765348,16036670463761265078,131072 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1872,i,17268954998402765348,16036670463761265078,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1872,i,17268954998402765348,16036670463761265078,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
64668925f3ab65b54e1f7dc31f06187c

SHA1
6b84eb0bbb345b10b939f4021875aafeb9cda6e6

SHA256
3ff62be1d39bebcd2078a536fb9a8465f0220b78ad1b6a4d309f57f57fdfd3d4

SHA512
b8af4a2367c451bedcc14feb8597bfb3829f531a398dbb03f6811f07ac5d1b93bd766507d71c51ee3ccec6d4503df5c7a067d6af7cc04b1c55c6b3889e01a894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
5deae2ea3981905e9ee66f56b65b66aa

SHA1
da53a383fa94df2aeb8f793b729a09e9c362d2e3

SHA256
dcc661ca830b0ea120f60955839b5ca0d3f36a397a0dd992bd4cae455eccf3b8

SHA512
4f74f9f1082301d7ff0f2eda79789b682e49569064b92812c8d2f95cb8504d07fd97fa977f624ee71371b1d8e36e203599158fa677cf34dd22da4e5ffb3c6c7c

Download Submit