hxxps://security-enhancement[.]com/ioc

Analysis

max time kernel
202s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://security-enhancement.com/ioc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637801669391608"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe
2616	chrome.exe
2616	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 5080	4876	chrome.exe	83
PID 4876 wrote to memory of 5080	4876	chrome.exe	83
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 1624	4876	chrome.exe	84
PID 4876 wrote to memory of 788	4876	chrome.exe	85
PID 4876 wrote to memory of 788	4876	chrome.exe	85
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86
PID 4876 wrote to memory of 796	4876	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://security-enhancement.com/ioc
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3c8fab58,0x7fff3c8fab68,0x7fff3c8fab78
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1780,i,7317211535851747851,11163089706229874738,131072 /prefetch:2
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1780,i,7317211535851747851,11163089706229874738,131072 /prefetch:8
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1780,i,7317211535851747851,11163089706229874738,131072 /prefetch:8
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1780,i,7317211535851747851,11163089706229874738,131072 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1780,i,7317211535851747851,11163089706229874738,131072 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1780,i,7317211535851747851,11163089706229874738,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1780,i,7317211535851747851,11163089706229874738,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1780,i,7317211535851747851,11163089706229874738,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2616

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
584aa4faaab9a8373d0c5c9d4133cafa

SHA1
10f61195e187ae0e00924619169a4ee08c9d702e

SHA256
c559cbb02e9a8732e485973e7bc9c88509ba717389b56ec3be841534f866f64e

SHA512
e121d6e9c3db56d4b1565d5094c4472e7967d93f3844b1d6f9e2b12ea3e4cea6a27157049e66065d2e3174c9eca4216b619a2c91d8c73fbaa89bfd8a4e3c00a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f0e343a225a3aeac710c6626386016af

SHA1
2b5c90f5cc48ff165fa99bcc09914f7aab8caa0d

SHA256
4bbd9b2f92568aedf2a564a1dfcd68e138c30a20ca672c14357ff0be525aed2d

SHA512
696e295151f86813190bc20aa172b5ed87eafaa1ddf2627659b230291dcbb505fa1b4a79113d6076b8ce25f5aa6024ff9d1b4deea17f0082116457941c59871f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f9d1b1a254135b1691ef9acd02429219

SHA1
17dc15248f5c3ff855f9fca7886ed02ba4673eef

SHA256
e4bfb1ca2e828e879e29d8b28e72df9d5c15789286f404cd209827ed9db63036

SHA512
2fe117507a57979a32912548813e004eaec980559e7a7bf80fbb850108d8d1e382a3eb4c1719cdb61e09451590b3d76da2fa7fb219bc7b923e8659bc261af66d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f80ea85aa1c110762e550b79a0b91db5

SHA1
9dd986f1233d6b93d3018d903c067321b4d6c617

SHA256
fdb74e24700ef83e5aa36cde596e91c1cac59f3a60cc6933262a85246250c37b

SHA512
3b059f6c5048ea2f812928e8e24eb6c1d1da453b1bbc770f5b5cee8018df9f56b477c3b1ad8f28fe2706d029e6b24d70405e83539b6f2250b2b608e76672db5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91c222eb2777b439768521e6be8b143c

SHA1
d7ce86b335512b71e63a405d7f4b1815daf356b3

SHA256
5a1ff2d702c355f3f33274790b173234410a98b0a1fb65bc540f4584a69f5268

SHA512
f17d3330359c7f1ad9be9ce7c023aec5dac9ac2f54a3d1a01b5046b64134e0c4b4b92b82237c6e49f11fed47dd0d7ba115fa115e8be572d55f40112dc8051092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b9f0b837352d5ae058b1990834fad7f7

SHA1
752bbbe5ae0d5facbd9b59e77f216b487260f295

SHA256
9650b0053ac7b92249f352d731da3cba206e977839e016f65293b63a6d49465f

SHA512
a95cb64d6595af0e8d890f35b13f276ef59b4ce95f55c909e8b5bbbd49aa2d57b44e4568b54aa0a407b7dbbb631bf46cfa6aa941bfe1427e3911a8c56c4913f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
cb4f0d1314a322a17a74c66b98d6d8ce

SHA1
653bfab7095ddd1e5f6bb66518bdc801763eb264

SHA256
7ea036522f0e78cc991f6e2c83d462a50fd1a33d8ac540d23f705b313595f21a

SHA512
aeda5cdebd551e2431073a4e87c8baebd842227643360321496e99457cfefad5be54a8af3999483f62e7df22ae933b4ec671c566bafdf84a9cd94319def0477e

Download Submit