Overview
overview
8Static
static
1sample.html
windows7-x64
1sample.html
windows10-2004-x64
1sample.html
android-9-x86
1sample.html
android-10-x64
1sample.html
android-11-x64
1sample.html
macos-10.15-amd64
8sample.html
ubuntu-18.04-amd64
sample.html
debian-9-armhf
sample.html
debian-9-mips
sample.html
debian-9-mipsel
Analysis
-
max time kernel
97s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
20-06-2024 16:58
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win7-20231129-en
windows7-x64
6 signatures
1800 seconds
Behavioral task
behavioral2
Sample
sample.html
Resource
win10v2004-20240508-en
windows10-2004-x64
8 signatures
1800 seconds
Behavioral task
behavioral3
Sample
sample.html
Resource
android-x86-arm-20240611.1-en
android-9-x86
2 signatures
1800 seconds
Behavioral task
behavioral4
Sample
sample.html
Resource
android-x64-20240611.1-en
android-10-x64
2 signatures
1800 seconds
Behavioral task
behavioral5
Sample
sample.html
Resource
android-x64-arm64-20240611.1-en
android-11-x64
2 signatures
1800 seconds
Behavioral task
behavioral6
Sample
sample.html
Resource
macos-20240611-en
macos-10.15-amd64
5 signatures
1800 seconds
Behavioral task
behavioral7
Sample
sample.html
Resource
ubuntu1804-amd64-20240508-en
ubuntu-18.04-amd64
0 signatures
1800 seconds
Behavioral task
behavioral8
Sample
sample.html
Resource
debian9-armhf-20240611-en
debian-9-armhf
0 signatures
1800 seconds
Behavioral task
behavioral9
Sample
sample.html
Resource
debian9-mipsbe-20240418-en
debian-9-mips
0 signatures
1800 seconds
Behavioral task
behavioral10
Sample
sample.html
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
0 signatures
1800 seconds
General
-
Target
sample.html
-
Size
19KB
-
MD5
7030b1e40adabfa91ee52c81c65257cc
-
SHA1
1920af0169c52de492edb199db45430148c2eed4
-
SHA256
d87360c3a4286dab91df70eca55e4b4f6520069fc5f1595272fcdd3f37f5af3e
-
SHA512
68ef5523ec85925bcbb5ecac16a1eba9f17463014a11745fb8ef351486f2a7a9db4fced14b4989d1e9d07707c88470a394c6477af0ebf69771dd25a10b0cd5e4
-
SSDEEP
384:I/kFspY1ocy454lbGaNsvhpNe9su3K2fa2hOwV0b0QfcNxCqcR1:I/kR1ocy4iEa+JpNasd2hOwSb0GYxQR1
Score
1/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633763262995588" chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4624 chrome.exe 4624 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
pid Process 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe Token: SeShutdownPrivilege 4624 chrome.exe Token: SeCreatePagefilePrivilege 4624 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe 4624 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4624 wrote to memory of 212 4624 chrome.exe 89 PID 4624 wrote to memory of 212 4624 chrome.exe 89 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 4656 4624 chrome.exe 90 PID 4624 wrote to memory of 3324 4624 chrome.exe 91 PID 4624 wrote to memory of 3324 4624 chrome.exe 91 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92 PID 4624 wrote to memory of 2012 4624 chrome.exe 92
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4624 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbdafab58,0x7ffcbdafab68,0x7ffcbdafab782⤵PID:212
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1916,i,17439892220547213156,17366287152673556821,131072 /prefetch:22⤵PID:4656
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1916,i,17439892220547213156,17366287152673556821,131072 /prefetch:82⤵PID:3324
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1916,i,17439892220547213156,17366287152673556821,131072 /prefetch:82⤵PID:2012
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1916,i,17439892220547213156,17366287152673556821,131072 /prefetch:12⤵PID:4120
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1916,i,17439892220547213156,17366287152673556821,131072 /prefetch:12⤵PID:1196
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 --field-trial-handle=1916,i,17439892220547213156,17366287152673556821,131072 /prefetch:82⤵PID:3988
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4232 --field-trial-handle=1916,i,17439892220547213156,17366287152673556821,131072 /prefetch:82⤵PID:3376
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2468 --field-trial-handle=1916,i,17439892220547213156,17366287152673556821,131072 /prefetch:12⤵PID:2756
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3296 --field-trial-handle=1916,i,17439892220547213156,17366287152673556821,131072 /prefetch:12⤵PID:1320
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3288 --field-trial-handle=1916,i,17439892220547213156,17366287152673556821,131072 /prefetch:12⤵PID:4696
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:3204
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4080,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=3736 /prefetch:81⤵PID:2020
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
929B
MD55ae6fbd7ce1e54193000ba18dc2bd0d1
SHA1b2e56670517dc16dca67b7703935be4c2e18c809
SHA2562511489e1cef20edcd58463ed1af817f60b3524137fdd387c039ba1c0bf5bd6d
SHA5124e55561f868e4a079007faec81a9632b29260b29b2357bec895bd318bfdcd52cce7403a0c7af492a310318c8b41dda1da3fbaf94c3e602fdc2758984ac0b7a46
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
7KB
MD56a2f5cb21b30b03e9deea363539390f2
SHA12fc6622d95d7c575bcd54d87d385ce14b4e586b9
SHA256dda374769fac05fe672a8adf01224f89573488aa7496831d605c7931996be5b4
SHA5127a5f1862b9e4624b67d0731dad2e3530a409e8449222648a70f61f0354a445edd57da6a13f361555a639350a24d1470d59a31455b4fc432d0285c9eee56e50f1
-
Filesize
255KB
MD5e5694bf47642958185319648500bb5c2
SHA107c9507268cb1d1395eabdc0ec8ce88c8cff990b
SHA2560b4eabfd7ee2044018fa28c2abad0228c9fb843678733c5bcaa23ac4ebc46ca8
SHA512dfd6d58e3f2ffd8e22706fdf637d6d5190c5298de1dbbfdbd59961f724ab2578657f83211f114e89ea750fcfc5a4f061d4d8b45b319b5b7a9c1b5d87d4ef84af