e14fbab652008f42222b7fd9bb1044d421ed88b53cfed89040cc4f626b15d544

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

312KB
MD5

919efebc899c5ee1d3d8e3e89a685942
SHA1

9d73e9e88f953858da96230b1ca00d4bb1548d2e
SHA256

e14fbab652008f42222b7fd9bb1044d421ed88b53cfed89040cc4f626b15d544
SHA512

8b61202f5671ef88b99f96b946dcb2199ceb23f6ae03cf738e279a9fc5541b21478bd6089db198bc3b49199cb26aa486ec473a01e2c0944d1e318ca740d3a6ab
SSDEEP

3072:BiQgAkHnjPIQ6KSEc/JHDPaW+LN7DxRLlzglKUVP0k:XgAkHnjPIQBSE0jPCN7jBUVP0k

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641700004354272"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe
748	chrome.exe
748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 1976	1504	chrome.exe	82
PID 1504 wrote to memory of 1976	1504	chrome.exe	82
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 3444	1504	chrome.exe	83
PID 1504 wrote to memory of 936	1504	chrome.exe	84
PID 1504 wrote to memory of 936	1504	chrome.exe	84
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85
PID 1504 wrote to memory of 4528	1504	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcbc2ab58,0x7ffdcbc2ab68,0x7ffdcbc2ab78
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1920,i,8654466356766373735,13422932854167201658,131072 /prefetch:2
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1920,i,8654466356766373735,13422932854167201658,131072 /prefetch:8
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1920,i,8654466356766373735,13422932854167201658,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1920,i,8654466356766373735,13422932854167201658,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1920,i,8654466356766373735,13422932854167201658,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1556 --field-trial-handle=1920,i,8654466356766373735,13422932854167201658,131072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1920,i,8654466356766373735,13422932854167201658,131072 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1920,i,8654466356766373735,13422932854167201658,131072 /prefetch:8
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4572 --field-trial-handle=1920,i,8654466356766373735,13422932854167201658,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:748

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
fc253d98ab1ebc188f5fd1de6f2c4acb

SHA1
93844cb467b32f519e819091ab6e52d7144f6046

SHA256
17158946e2dc1ab5991983ade7d979e49418e5dfd2e2f24d8d6213d1353103f7

SHA512
382c73dfd61be20d73824453e7a764fe9d6f9dcee6ff600ad6834fa2b303f3cc014643b89baabd17f30cb6359008c98957ae60a0ca0c2f0faaa2a15dbaefb6cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3c640e42f34799d8d9dc367951ae80ce

SHA1
65e9b711d380d6af1c7e3e56695f2a9a254299b5

SHA256
84ac4755c2c4db89b351a9b0b03183e7bd2e60630c00bb1c1ea28cc9e7817e27

SHA512
40cd9722438de8f694f2feb945a0c47fba5f6ce0f7b252a2ac011aab6e5198ec75427c1bb00d77e08447d1430ec18b53a019dd859eaa334a0f4b916459039b02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
d2f4028e6d8faacfea00a9aea7418f04

SHA1
eda5c605aa3b847cf91180ad9e1398ab5955a5e9

SHA256
b4234ae0555da3cb93b44b145d554238751e02ad66b6dfa19ceddd061bc1dd7d

SHA512
8536442429807914a8faf010f10ea02082e5efb70dae3ea10906caf6d634c2335b03a99467eef7f0488cbcee2eb71edf3c581d20c3f3dd56813933fb96f0b325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
59efa3131ec95938ac9107d59e4d9bb1

SHA1
4341f988f1a0124ebde75ef8a56f997ad9d922f9

SHA256
aafa9a9831033d70e7d6e05404e93e690b6d8221cbc5652a83e82288c0af8dd5

SHA512
b21a702c0f2bf25ba9c224a8cdd0ec59cc237a186a56a6f451a17ef2e9a671e5575448f8a4d40609e6f6a2f935fab03572636bc6b1b02f7409dd1fdf6f6af5d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
2a0f1d7cf821a18c24052628e47d7c65

SHA1
3b8095c8839e30e0fcfdc78dce9794996d2e161e

SHA256
af9d392be145eca7e081f07d0089f9db6db9be4e67c2a5c22a6dd685fb97af43

SHA512
1f70e8bf1695aa6d20de9a75974a4467b3f5e6a3e1e9463d9f9f52ecb83757a5fb6b96312f757bf8ad2a7dc5e7fe6fbc405f9118318297f822eb58e30c7c8640

Download Submit