c10e7da902a293ed0dd054f8c816527aa0b73c06c72889f28d59036c4cc257ac

Analysis

max time kernel
149s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
01/07/2024, 11:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

RFQ_2843.html
Size

87KB
MD5

7f4558da3c70242af90fd5b53494a09b
SHA1

5320a78befebbed65a9e2cbfaa3edb750fc34f83
SHA256

c10e7da902a293ed0dd054f8c816527aa0b73c06c72889f28d59036c4cc257ac
SHA512

e7faf9e329f8819d8905050a482f3d9de6f476b6c4641f21ffd548c4cec856ea2c00a2c5276e3f958ebe9c5410a05286fc8c7111b22e409e1b05f0903c35b866
SSDEEP

1536:855iq+oKw+15fFyCOeg1ziP8AUB7DzKFhgYqCV2yog+:q85dy//PACOBVUg+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643085062959094"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3620	chrome.exe
3620	chrome.exe
3056	chrome.exe
3056	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 428	3620	chrome.exe	80
PID 3620 wrote to memory of 428	3620	chrome.exe	80
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 3184	3620	chrome.exe	82
PID 3620 wrote to memory of 1124	3620	chrome.exe	83
PID 3620 wrote to memory of 1124	3620	chrome.exe	83
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84
PID 3620 wrote to memory of 1928	3620	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\RFQ_2843.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff57c9ab58,0x7fff57c9ab68,0x7fff57c9ab78
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1812,i,9062483001693839512,7350106457374292701,131072 /prefetch:2
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1812,i,9062483001693839512,7350106457374292701,131072 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,9062483001693839512,7350106457374292701,131072 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1812,i,9062483001693839512,7350106457374292701,131072 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1812,i,9062483001693839512,7350106457374292701,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4192 --field-trial-handle=1812,i,9062483001693839512,7350106457374292701,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 --field-trial-handle=1812,i,9062483001693839512,7350106457374292701,131072 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3824 --field-trial-handle=1812,i,9062483001693839512,7350106457374292701,131072 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 --field-trial-handle=1812,i,9062483001693839512,7350106457374292701,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c8792bda968d985a0034ba8df8cd5269

SHA1
0c61fea0efbead6859d916f1315feec13f4e9d8b

SHA256
23c0a49fbeb933edf6ab451be60dcdc967488243933758501d89b8d809223761

SHA512
68921d9fa3b35069c5ff13f93adbdefb8d83aa3e2f4604195aabfa4bf21d315c78e283c8be5f83882c7ccd61500c5d9ad8fef0d9bd6bf58af077293bb8872d77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1570eb7b-5420-4116-b044-b38f4ccae417.tmp

Filesize
524B

MD5
5f992a45e83ecc56f62b0211a03ca2a7

SHA1
e84db72b6b83abb2040abbd6f30228f09d9123e0

SHA256
b272db9cec885e09779473af1d185ab71f9510e73ae441c59aa6a5f95e1657ea

SHA512
7d04abf1d3ad3a61bc857d26bbdc5e262c41796d0ed1023cd310fd31d735b8b0920c98760fa08578690ea771a0207258d0ca47a14bf0319d18f1385a7e58f549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3ee61a4d08ff874ba5fb5653e1b1afd3

SHA1
a98f55d1392965bbdc67175e10e05d607982d528

SHA256
d91ad7c2b95bc6a7f66485e08ccf7514eb4fd0d29c1dcdb228a6c44ede5722d2

SHA512
0d50ecfa821536f96deb920fbe9a81ef84aca6d895310da75a4dbcf2d48d5f2b147a1772f911c4ad861fb87c483b40d45d57d3a8123b9315510cc6fe04f2942c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
2b7349a995e78602bd65fe1a049bec7c

SHA1
5ceeba0c4c380353d2e33b6f8b3a8368bc76212d

SHA256
e5889bbf9ce43eab0258cb7d2aae4a8443ff8a95f727369cc57964198f9b893b

SHA512
c0fdb09ac6e488f20ca63b2bed8b5f90d80cede9fb9672828b4fbe9bfd2b0d3139616f52fbe6fe0d9d36f6aa3de00b096bf506c2c5e4e32c6b276b0798819b16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
40ee9c66649196781a600ea7a40e1322

SHA1
c592f2dee478d82a622cc28f452f7dfdd9991322

SHA256
aebac8e682d80dd901fe264f2bdf23b329267336d5f7a694912e6ac4aa8b4c58

SHA512
3d9f7082916e17aad21d972c8a165e8e7479a43c6d240c71f9a1d0132ddca92f8752ec7165f3c6d310f2a120a130e2a714200d84117748bf43ca35160e56719b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
6517aa2ed684d2846c77a4ae6a40a1aa

SHA1
3e59926149ecf109a20c50284b3bdcda4cf504d9

SHA256
50de2684e045ac12f5825595e41b1cfa5e2f9b5d138270991422ff8155bdee0e

SHA512
5e1f038e00914b7572576ce8b478b4a53e3c768c6d3d2c22aa008678c5055e23486600d2b933602b579ab71ebb74cb2227642796ce758317d08b05771893ccfe

Download Submit