4b3eacac8b352d31033dd07ceaecb1805c6050cd2182a4b574387f67d15720b2

Analysis

max time kernel
149s
max time network
139s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
01-07-2024 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3D160EFAABD722C5B75196811AB483CB.js
Size

3KB
MD5

b2174ac5a31899c1faadb2f7c9a43480
SHA1

2f63c421e537b0043c7c0cf372fee7621c8e582a
SHA256

4b3eacac8b352d31033dd07ceaecb1805c6050cd2182a4b574387f67d15720b2
SHA512

1ae24f33dac7e9d4701a2d4313a54989ffdcb6b8ab96aa28239b40b42eb80bcaceaf8ee6267658435ec624dd192e70d3806073ea9896327718564584555d8737

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642854431968368"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
4912	chrome.exe
4912	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe
Token: SeShutdownPrivilege	1788	chrome.exe
Token: SeCreatePagefilePrivilege	1788	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 856	1788	chrome.exe	81
PID 1788 wrote to memory of 856	1788	chrome.exe	81
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 1784	1788	chrome.exe	82
PID 1788 wrote to memory of 4584	1788	chrome.exe	83
PID 1788 wrote to memory of 4584	1788	chrome.exe	83
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84
PID 1788 wrote to memory of 2892	1788	chrome.exe	84

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\3D160EFAABD722C5B75196811AB483CB.js
1⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffcfa3bab58,0x7ffcfa3bab68,0x7ffcfa3bab78
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1808,i,3848568873153200331,4298192763740293193,131072 /prefetch:2
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1808,i,3848568873153200331,4298192763740293193,131072 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1808,i,3848568873153200331,4298192763740293193,131072 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1808,i,3848568873153200331,4298192763740293193,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1808,i,3848568873153200331,4298192763740293193,131072 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4184 --field-trial-handle=1808,i,3848568873153200331,4298192763740293193,131072 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 --field-trial-handle=1808,i,3848568873153200331,4298192763740293193,131072 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1808,i,3848568873153200331,4298192763740293193,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 --field-trial-handle=1808,i,3848568873153200331,4298192763740293193,131072 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1808,i,3848568873153200331,4298192763740293193,131072 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1808,i,3848568873153200331,4298192763740293193,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4508 --field-trial-handle=1808,i,3848568873153200331,4298192763740293193,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0993672cf1ef528e145b827000637717

SHA1
1d5b397d35b3813935ee5b22005e27ef2675cb3e

SHA256
b53a3d51dd243ee616793a022ff2ff9481ceae366293a8140bc8339359397f10

SHA512
34b37a850aa0765184a16586afe6296052645647582f5d393bda7ce36cb49a0ceaab900ba4296e29747ca6369cd554ef668a122ab5280460853fe3b276a2b856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
60311f8031d888b31f34f6798a796917

SHA1
b11a82b7ce5fbd3f7b9d6aac0c04200a0007554f

SHA256
a023060221b1b32315ef1924c62706923bfae8a680fd00ef2c0fb9cd382efc3c

SHA512
bf4b44a42f0747feab3578d35c15010486fe86cfa77d8775141300f4d5672752d5fd9fbe9b2fcad51ec7175245ce8571efbb7490802ab936a187f5be0e45ec26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
ab38fd40534b4e588971ca82985f01dc

SHA1
949d38676a14f8c7662ead7bc2ff1754ceaacfe0

SHA256
dfe4a1d1d7a13b3bdf1693235d744a24b43e97208b3acce3c1a79c9fda04da25

SHA512
5b91b684f056b721df4df46184dc3427d7c643477a46b31523e7bfb363c62f5a47de921d51d8c5d7daa51c9ced4c736647a5fe4dd0ba25f3571cdfe4d9721ed0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
86KB

MD5
6e229dc76f1950890210a0a1710e0b68

SHA1
9d2200862454f9097fb7a37a81ee05b868de4065

SHA256
31a0f2714d535434d98a26e0c58d5ffd1fb4a04b0d85c1e4570f547ca1bead7d

SHA512
f662c2dfb9827bc07f551e36da47ece8a28827d9f4eabe3d6d497660d01098dbe2c153e99af502104638124978d55d966b0b330b78b251d6255f4a8eef002f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5823ee.TMP

Filesize
83KB

MD5
b42556374dfa91f7a5f6b1eb988fc85f

SHA1
206642e863470f9b79c749e453794c7a4fd1488d

SHA256
4522dae9603b0c75ff40efeb23bdf98b7564828ae24404bc7ec28a5410564bfc

SHA512
89c9de8500157d789771eab3d5be6620d71c082f4961c1cbbd863f7588c4963bf441702588d70097fd9893930f0b07ebcdb8151bded1be787c2b290e95eb309e

Download Submit