5d512065ca265ed51bceef0dc7968f60b6fc4b7c9bc092ade4540227a87f9d13

Analysis

max time kernel
1199s
max time network
1085s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30/06/2024, 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Untitled.webp
Size

9KB
MD5

dff88c4ca9a08d41c09c54a535fbd54a
SHA1

39e94a3cc69a6b79dfba5b042610af019e3251cd
SHA256

5d512065ca265ed51bceef0dc7968f60b6fc4b7c9bc092ade4540227a87f9d13
SHA512

47c5a158440d4568ff4e0e725055f3a86e7c63cb89f080b6d7a3a09204b0d3a9f944ddf80f7eba1d6c8a4bd0abf6e1877c62547538bbd3bc602a66e5b215b50b
SSDEEP

192:HeVJcohk52tefeVX5etpEG9pKEGrUtUVolGr9erVkluD7fpB7:Hef7eJeVXAzEAY9Ut/80M0X

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642156310346865"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe
Token: SeShutdownPrivilege	4288	chrome.exe
Token: SeCreatePagefilePrivilege	4288	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4020 wrote to memory of 4288	4020	cmd.exe	75
PID 4020 wrote to memory of 4288	4020	cmd.exe	75
PID 4288 wrote to memory of 440	4288	chrome.exe	77
PID 4288 wrote to memory of 440	4288	chrome.exe	77
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 2224	4288	chrome.exe	79
PID 4288 wrote to memory of 4144	4288	chrome.exe	80
PID 4288 wrote to memory of 4144	4288	chrome.exe	80
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81
PID 4288 wrote to memory of 596	4288	chrome.exe	81

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Untitled.webp
1⤵
- Suspicious use of WriteProcessMemory
PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Untitled.webp
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4288
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb75d39758,0x7ffb75d39768,0x7ffb75d39778
    3⤵
    PID:440
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1848,i,11022049006198220200,5728135343371851669,131072 /prefetch:2
    3⤵
    PID:2224
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1744 --field-trial-handle=1848,i,11022049006198220200,5728135343371851669,131072 /prefetch:8
    3⤵
    PID:4144
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1848,i,11022049006198220200,5728135343371851669,131072 /prefetch:8
    3⤵
    PID:596
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1848,i,11022049006198220200,5728135343371851669,131072 /prefetch:1
    3⤵
    PID:4436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1848,i,11022049006198220200,5728135343371851669,131072 /prefetch:1
    3⤵
    PID:3584
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1848,i,11022049006198220200,5728135343371851669,131072 /prefetch:8
    3⤵
    PID:2128
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1848,i,11022049006198220200,5728135343371851669,131072 /prefetch:8
    3⤵
    PID:4028
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1848,i,11022049006198220200,5728135343371851669,131072 /prefetch:8
    3⤵
    PID:2724
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3888 --field-trial-handle=1848,i,11022049006198220200,5728135343371851669,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3300

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\98e9c8b6-5e30-4d0b-bbea-15281137a2b2.tmp

Filesize
5KB

MD5
05310c2babcf686a0b662199ae568ff3

SHA1
50e4f0b5c97fbf6006803c19d3290a8c41bac862

SHA256
f716b75330164cc69a3349930fd385c7a8ae05c8a4aba845d4163df0b986c3dc

SHA512
9158d9d02cd77c843fe7ae9f3d48c332c9332ee15a7cdc738a82796a993de8ddcfdc8e9b9b98d77bb729c1ecc461549dc2e286a671e35a6570b6492d7ded7531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
602B

MD5
e40ef37ee862d88524874eef0723775d

SHA1
8f41cebebd2d261b419fdfb17a345edce79dda8b

SHA256
ec4b11b0289906b34d4443ab35f843a2232ee9578dc060df94948a6ee544ebe8

SHA512
0a29a8e4b3f7c51a0b90d76ea9edbfaf5af483f3d50308ae9087fbef78d38c90f2ee8cceac49729dd9d3e76543763c67cf4971e23dc6c3768c99d8a572d3e37c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3eead8177c9b0b6895ec77bf93605951

SHA1
3e97641c0f31c787a7141618a18e55d2d699bd5b

SHA256
142aeddc87cf6f61780f0b333e01819c90403c79f8996a2e75d153d469467ab2

SHA512
9afd4dd210585072d0718b31f2c3516818afe53f1a277f5ed53e8efa08d727e4a30deba9a9fc8c884b92e388f50c88e793cdc26cfde1c4515aaab7fd01f39119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1df0416aea24716e18662831370002c3

SHA1
87b753eb0ba3c87bb4dc62ad5ca3ff08909823e7

SHA256
79d18c63359d0bc0893d79cb899c8e5f91a5bf22dc69e387b48554e9132ec49d

SHA512
78ec94c5afb451129d955ead18cc936df94d8f81406371bf2cbce8d23d04dba9a75f3715e99a17aaff1cf65d1236af133c07f2497a998cdb2a2560ab660bbeb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
b358e65997388ddd2ab26791ebfc5237

SHA1
512e207b8aa3b8cfd869e721cdc964b8e861b901

SHA256
efcfd8069dd9d10a1f8ffb31347737228b35db5552c5e1b0dd65e920ad8d6373

SHA512
d9214e99244126984e062e25aa592dc22e06039c6885718c90fda67a354c5cd0d5a3d901bbd3fbd834512e97ac6943c8e078e1c71ff1db3072d6d306073646d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
289KB

MD5
5ff12d94efa4928934e3cf570baa625f

SHA1
c6cd36c3e85ad1348b8c91c5dad83ad4d8f27d1b

SHA256
defeedeb055cda1bddcdd15673e415163809342bb13b493da78a45c5874d26de

SHA512
015fdda0473623de4c7cd287cc6d6b044b804e8a775626baeab7bda1b7414a16589a63fe1a2736e610f6bd47ef44693afd74a6d0e6b959ea64022a2d838246d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit