hxxps://gofile[.]io/d/4VkOwh

Analysis

max time kernel
1800s
max time network
1686s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 03:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/4VkOwh

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629837624332647"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
548	chrome.exe
548	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 3908	1508	chrome.exe	82
PID 1508 wrote to memory of 3908	1508	chrome.exe	82
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 536	1508	chrome.exe	83
PID 1508 wrote to memory of 1316	1508	chrome.exe	84
PID 1508 wrote to memory of 1316	1508	chrome.exe	84
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85
PID 1508 wrote to memory of 376	1508	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/4VkOwh
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0254ab58,0x7ffa0254ab68,0x7ffa0254ab78
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1888,i,1351015795810949054,4060239055573254359,131072 /prefetch:2
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1888,i,1351015795810949054,4060239055573254359,131072 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1888,i,1351015795810949054,4060239055573254359,131072 /prefetch:8
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1888,i,1351015795810949054,4060239055573254359,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1888,i,1351015795810949054,4060239055573254359,131072 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4328 --field-trial-handle=1888,i,1351015795810949054,4060239055573254359,131072 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4184 --field-trial-handle=1888,i,1351015795810949054,4060239055573254359,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1888,i,1351015795810949054,4060239055573254359,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1888,i,1351015795810949054,4060239055573254359,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=952 --field-trial-handle=1888,i,1351015795810949054,4060239055573254359,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:548

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
3dad2327acb74a5bc5b27ba954915ed7

SHA1
5327bd83933c513194bc7d4fd6626205670ed1d3

SHA256
5747adabec79bc526f07aeb473705c39df82c6b0087c8de0c4bdf97e0646bfa7

SHA512
90569fe076dc7e13789897d28973db675b58615a79a18a62cdc0d31caa3abd1d75d77a53cf0f7bf677a96f7b717270e5ffdcfe43594ba318031bd2cc22bc2c34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7b703383168b53363672c61ae107b358

SHA1
4ce0a3e9f9f38e93c1fafb80900e1e73ab9bf02d

SHA256
0b287e711d1274c0b85861c1f1b14ffe2b302b90d95db0390f780aad2a4dfa4c

SHA512
ace9725ebf7756d74884ff7e22d4246be24d5c5545c7bce0fcd6667021b61a78be72ea7ea8bfb3b050351e1ef170d13f5e5656b810ce74a716a7887b862b1ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
f61856d98a7d54fb0e2bd9831c0948d5

SHA1
4b2297aa9a419f6f42e4130e08c1f8a33182c1bb

SHA256
17e0d5ae309e6da13e3f80448bef6d229fc1c6c8047e79111128a61c80298194

SHA512
1dcf964a971694b925ef369334da090f85131712475c54c31c407dbcd38a05437999d5338eaa98e82d9047be272bb795bd88fa1dd727b12226f631389351d6f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
217423bd3f3f7a2bf86b041451712f96

SHA1
ea411460a3eefae7f7b9f0134e1a4efd86b33b2a

SHA256
5fb5cb6a6fa4c7f17ef12861bb6d76424694654acef9ec58d9449a7fbad93de0

SHA512
03201a1e02a891da79737b9a79972b3ee78f81e42adab545cc05e7f4275cf5e7b2619b97c77c251f3c6c3f610205ce0a04eae1a931b50674c82a19016333e4cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
a7f0a55271e145da60582cac8ecc6dbd

SHA1
a8fa50177ca9d26e4fec1dcb2f90cc712f11c884

SHA256
f38f8f3ccfcc4f9ddc13b38e13e3e12072c6d49f6da557ef814ac6feabd6505a

SHA512
86c0c65f4e86feea3a46adc7437d54ef3b10b0ea9accb3c0663256770cd5b6e97b24518cafaedb54b6b4cda925e15beaa8b6977a46b78957baf34ecd4aa16c65

Download Submit