hxxps://gofile[.]io/d/Fe4NXv

Analysis

max time kernel
1799s
max time network
1686s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/Fe4NXv

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633495502110845"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4376	chrome.exe
4376	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe
Token: SeShutdownPrivilege	4376	chrome.exe
Token: SeCreatePagefilePrivilege	4376	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 1020	4376	chrome.exe	83
PID 4376 wrote to memory of 1020	4376	chrome.exe	83
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 2072	4376	chrome.exe	84
PID 4376 wrote to memory of 3244	4376	chrome.exe	85
PID 4376 wrote to memory of 3244	4376	chrome.exe	85
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86
PID 4376 wrote to memory of 4280	4376	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/Fe4NXv
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bd04ab58,0x7ff9bd04ab68,0x7ff9bd04ab78
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1888,i,16132265011259747501,16418906357036265502,131072 /prefetch:2
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1888,i,16132265011259747501,16418906357036265502,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1888,i,16132265011259747501,16418906357036265502,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1888,i,16132265011259747501,16418906357036265502,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1888,i,16132265011259747501,16418906357036265502,131072 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3888 --field-trial-handle=1888,i,16132265011259747501,16418906357036265502,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 --field-trial-handle=1888,i,16132265011259747501,16418906357036265502,131072 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1888,i,16132265011259747501,16418906357036265502,131072 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2472 --field-trial-handle=1888,i,16132265011259747501,16418906357036265502,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
554e5e64d7452f6b1fb3da2519ffa4a9

SHA1
2c20ec24c31b7c8a29273ea8ca4b3a9bbad559db

SHA256
cc4b22b2d9405067aa9a6f8e734df816e80bd6fbd87de2c0a8774c4efcd2dab8

SHA512
cd730cbd5670bf980e67cf829ba521eae2028cc1b74af35d68f2b4afadc269d3384f5ed98f06dcda551ecd50c41d8d7099b1f423b1d12797f26fbac785e0efc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1d171bcb0aaaa089419f3309b386abfa

SHA1
46d7a5ee07da8177838a0f0d80df3055eea8f900

SHA256
b5e8097c34e294a57ec9914bc9cd1f5aa861bd9c960980901e402f168711ee46

SHA512
43452de73c040639a0f093a8c91c03c8414265e306aabb1b75dd88a1afc5a99e5790122842fe449d3585192fd46268b6d742019055690d463ce0467e4c0b8431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
36190a1cacc460936a729c678f6eb102

SHA1
f5e6528e377be3d6037e911ae9a8d1870184ff8f

SHA256
b65e0e4e2a0e956a7a930e4bd789b8226325e23e27f88cec590cf534abea75ea

SHA512
8c911e77b6bdb0a83a64a8970b362479e152c14789e33174382cfd043f7f99ba41625cbea3220fea292dfdd88f95071f195a3d4c60f4ccd513664ebb1ed14e88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
eb127ebf4b28182b94678004c846483a

SHA1
039f3ecf8c28e15aa0cfc02120b46a15dd30a599

SHA256
e182271df9631655d189c821d2c1a8d4f79db8a5d57ceda88122007074e92549

SHA512
cd993c2b2430459f0776e49e8dba804756d6ec8439c3e2a5e389144da97ec8491026487a905f05d08576518f4c232d91a3b3549d42300629a1638d4daae23f4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
6ffbe93a29161bd242a721347ee06fcc

SHA1
f732935093e82fc64c7d233b13fe7741e7525f2f

SHA256
ae53aff691212661285862548f175b3734402a36625475b945c20934a00e8623

SHA512
04962a3d02232112842cf8ec5190e9cd24c44f8603c3fc678fc5c12d7c9eb4dccf726d73df64051e68fbe16822721d6ae58a89ae6305689959f0b222c07affc4

Download Submit