Analysis
max time kernel: 300s
max time network: 289s
platform: windows11-21h2_x64
resource: win11-20240611-en
resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 18-06-2024 16:29
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://clt1626878.benchurl.com/c/l?u=1132F805&e=18361E4&c=18D2FE&t=1&l=D68163A8&email=lqHZksjMNEHLyHTjd7th3Aif8GG0Zxj9&seq=1#[email protected]
Resource: win11-20240611-en
General
Target: https://clt1626878.benchurl.com/c/l?u=1132F805&e=18361E4&c=18D2FE&t=1&l=D68163A8&email=lqHZksjMNEHLyHTjd7th3Aif8GG0Zxj9&seq=1#[email protected]
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632017875223072" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: chrome.exe, chrome.exe
  pid | process
  3884 | chrome.exe
  3884 | chrome.exe
  3444 | chrome.exe
  3444 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
Processes: chrome.exe
  pid | process
  3884 | chrome.exe
  3884 | chrome.exe
  3884 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
  description | pid | process
  Token: SeShutdownPrivilege | 3884 | chrome.exe
  Token: SeCreatePagefilePrivilege | 3884 | chrome.exe
  (these two rows alternate throughout the 64 entries, all from PID 3884)
Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: chrome.exe
  pid | process
  3884 | chrome.exe
  (the same row is repeated for all 26 entries)
Suspicious use of SendNotifyMessage (12 IoCs)
Processes: chrome.exe
  pid | process
  3884 | chrome.exe
  (the same row is repeated for all 12 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
  description | pid | process | target process
  PID 3884 wrote to memory of 1816 | 3884 | chrome.exe | chrome.exe
  PID 3884 wrote to memory of 3312 | 3884 | chrome.exe | chrome.exe
  PID 3884 wrote to memory of 2100 | 3884 | chrome.exe | chrome.exe
  PID 3884 wrote to memory of 4992 | 3884 | chrome.exe | chrome.exe
  (each of these rows is repeated in the order shown; 64 entries in total, all from PID 3884 into its child chrome.exe processes)
Processes
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://clt1626878.benchurl.com/c/l?u=1132F805&e=18361E4&c=18D2FE&t=1&l=D68163A8&email=lqHZksjMNEHLyHTjd7th3Aif8GG0Zxj9&seq=1#[email protected]
PID: 3884
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  Child process
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaaa45ab58,0x7ffaaa45ab68,0x7ffaaa45ab78
  PID: 1816
  Child process
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1804,i,17978802490466423939,11880462953222215311,131072 /prefetch:2
  PID: 3312
  Child process
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1804,i,17978802490466423939,11880462953222215311,131072 /prefetch:8
  PID: 2100
  Child process
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1804,i,17978802490466423939,11880462953222215311,131072 /prefetch:8
  PID: 4992
  Child process
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1804,i,17978802490466423939,11880462953222215311,131072 /prefetch:1
  PID: 1760
  Child process
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1804,i,17978802490466423939,11880462953222215311,131072 /prefetch:1
  PID: 1980
  Child process
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4240 --field-trial-handle=1804,i,17978802490466423939,11880462953222215311,131072 /prefetch:1
  PID: 4788
  Child process
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1804,i,17978802490466423939,11880462953222215311,131072 /prefetch:8
  PID: 3508
  Child process
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1804,i,17978802490466423939,11880462953222215311,131072 /prefetch:8
  PID: 4664
  Child process
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3876 --field-trial-handle=1804,i,17978802490466423939,11880462953222215311,131072 /prefetch:2
  PID: 3444
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
Image: C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
PID: 4504
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c00f0e70-2d22-4156-aad5-e593c0b5c469.tmp
Filesize: 7KB