93fef944a3cf763c04fafcb38540b4d5093b003c92a7a4e5b8c35e254d75e537

Analysis

max time kernel
1799s
max time network
1685s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
18/06/2024, 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

index.html
Size

9KB
MD5

a90a55043c4436e1fa6dc727cd0cc111
SHA1

50d90abc16511c5cc0142639c07e9c194281293e
SHA256

bd4b75d1f07cdde77c186631a57991541d1414fee039f9eb307f5a8fcb4a1a41
SHA512

013996e42e9f4ab7c5e0b158d36476cef0cedb24180f8a4d1eb96a5ca8a91822dbcdbcafb89bfe0a23b62458ffdbe540746bc1203a97154341021b0e0389d89d
SSDEEP

96:nDhacmnLJtAHya7fe89m6XGLBWJeVkcApuBiK:dacONtAHyaK89mQGLBWJ6BiK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631808650644822"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2812	chrome.exe
2812	chrome.exe
3144	chrome.exe
3144	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2812	chrome.exe
2812	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 4988	2812	chrome.exe	77
PID 2812 wrote to memory of 4988	2812	chrome.exe	77
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 1056	2812	chrome.exe	78
PID 2812 wrote to memory of 2092	2812	chrome.exe	79
PID 2812 wrote to memory of 2092	2812	chrome.exe	79
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80
PID 2812 wrote to memory of 3352	2812	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\index.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffecf08ab58,0x7ffecf08ab68,0x7ffecf08ab78
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1832,i,13302000070813757418,213126152247962973,131072 /prefetch:2
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1832,i,13302000070813757418,213126152247962973,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2156 --field-trial-handle=1832,i,13302000070813757418,213126152247962973,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1832,i,13302000070813757418,213126152247962973,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1832,i,13302000070813757418,213126152247962973,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1832,i,13302000070813757418,213126152247962973,131072 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1832,i,13302000070813757418,213126152247962973,131072 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2696 --field-trial-handle=1832,i,13302000070813757418,213126152247962973,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8e8f8f0f32fce86c040c7529045f2855

SHA1
5b41f49ca58553bfd40e8485493cce3a7f9605e2

SHA256
53d3f2f0dd0cec1d4bd3f954b027385db67e035a557b696d9286f6e633d17b47

SHA512
a1d3ec573ff46131f15f5587f2df1cee79ca710e8b927be0d00ce5fa7a90a11da1b838dd5214527ed8c814937892b9627c5246cbe41f509ad376cf541fbc5b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
677B

MD5
e6002f712927d130eabd61e4b548d188

SHA1
b89f2a7c0cdfe44c57a0ebb65f06a7dc732c462b

SHA256
130810548b7c808bf650746e2edded88ffb7f9f611361b1b8a3e6dde551637a1

SHA512
b8e0cd85b0d98286cd86e7d44e876463188a285a10ba92b97bb02d603e981822dcde36d9cd1d48952b9c55d109727c2ee53a3173e5d1e27b17ff4c06647f75dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3745185f9f60aef1d575c32b374cb59f

SHA1
c1756b6cbdee8561cf93a87d6c7cbf478eea17ac

SHA256
21eb9d5efdddf7ea6dc9b3af7505812697fbe719fa4e3fb9bc641cc3df0df605

SHA512
96da2a09c0fa29a09ca9f4a1b8705c168b669a1807500d8211a80e7e4f4485e5dbb993d80b5dd575e4a3c2e84ccb7932661d7168b256cae248c51e62e0c356fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
fac8945cb7227361daa3ae2ae42cfa25

SHA1
3134e327b18c0cab46263a3d6630b04709eed1df

SHA256
15a5f8d846e2c47f4bf4f2a0d752573fbea251b8ef188f390e6dcf95faf07be3

SHA512
c8d285f4d1bb58d163dd3af80868291ce2ef7f151a6ce9807b02d9a551058ebd749b7272652b4b67464abf9f4adaf74dcf7f3629dd150380d616aca67728f7ad

Download Submit