66d1b7730d226aeea411fedb685fd3ce9c4e5cdd11d7367db4abc0ec5c625ea0

General

Target

file.html
Size

312KB
MD5

a85e8c872d3bd4a0d870d0ace8ac55af
SHA1

88c7c98e1e815678c2c3301bde54652da17e2962
SHA256

66d1b7730d226aeea411fedb685fd3ce9c4e5cdd11d7367db4abc0ec5c625ea0
SHA512

6358fa1395c27784e0622b52e681eacf736467afa6b6f3a98cc05ea5845cfeaee30699b789c8ffef44a562500b52c055f16fca0fe887f6d30c33c80ee58b9613
SSDEEP

3072:6ipgAkHnjPIQ6KSEc/iHfPaW+LN7DxRLlzglKnViNk:TgAkHnjPIQBSEz/PCN7jBnViNk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644195041835834"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3532 chrome.exe
3532 chrome.exe
4984 chrome.exe
4984 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3532 chrome.exe
3532 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3532 wrote to memory of 3128	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 3128	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 1884	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 3096	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 3096	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 976	3532	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb3ee9ab58,0x7ffb3ee9ab68,0x7ffb3ee9ab78
2⤵
PID:3128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1764,i,4274433249362211793,1573001624145165687,131072 /prefetch:2
2⤵
PID:1884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1764,i,4274433249362211793,1573001624145165687,131072 /prefetch:8
2⤵
PID:3096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2120 --field-trial-handle=1764,i,4274433249362211793,1573001624145165687,131072 /prefetch:8
2⤵
PID:976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1764,i,4274433249362211793,1573001624145165687,131072 /prefetch:1
2⤵
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1764,i,4274433249362211793,1573001624145165687,131072 /prefetch:1
2⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1764,i,4274433249362211793,1573001624145165687,131072 /prefetch:8
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1764,i,4274433249362211793,1573001624145165687,131072 /prefetch:8
2⤵
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 --field-trial-handle=1764,i,4274433249362211793,1573001624145165687,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4984

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
a62e0dc05469b4a8a2db085fa82f4a9d

SHA1
aec9e23ee8a0c7ca178533379c8f566fac3306cd

SHA256
77659339b7364aaf4abc2be5352d245dbb638bc1fa0334d180728e3de4da5068

SHA512
a57e5924b12851522b5fa41b0113e0c6ff978171f527bbcf9e12b8a1ae32978a6583a4b82fb4baf6f32e38553c11952a88e8b43e4933f54d415a6438fa72775b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
af5d6bdac37a4ca49b31b757912a312c

SHA1
eba3e453a570b8a2a17b1775a6a92f988c98c4cd

SHA256
aff99092caff353661ff1c31d7bd6388837f76d338a5d59963135daf00663e99

SHA512
63092ac90764658e351e1e2dc67b8f43f603f5ff7a0af93b7b713496691111c70c6d935866a6c0ace248192a09125d5f9c00bfc65a34a91e8faf8b2856242710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
f44ead83c02541897c2dcc6b654384a2

SHA1
1184ba82ed33a0e9cddf1de98a6e098d0bbf1b57

SHA256
6e11228cafbba9f3928774dfdf9446fa90565e881049585720eced0b88b5dba0

SHA512
82dd1c3ee1f9819ef4935c95fb940d6b57d2e7b6b64ccb32722bf286c8344d7e2a7ad226070659c2bd6f01319a6a390accd4468f46866fdd906a3892dfa50ba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
858B

MD5
6c4fb970da27d658cd7148e9b8645220

SHA1
59efba338b97eed65fde593e3da63931a0f5f7ff

SHA256
06648fdaa47c2ae312711b0e2f12d8b7cb90d116fee6729b9b818a6536620a04

SHA512
2ab6834bb4e3ef2487ae921fc57fde2b198be74d083ba77c64b1c3f11aff665a070e48b79e3d6b2082846f9b954d398a1a9ef336ad263fb84c95daafda723884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f1f35e6f1d5acb0403c54b2520d32e86

SHA1
051f528793b9b92e9927235c5451e2179d040f87

SHA256
b241b83e2af4b77aac447b39bdfbe64c2f05d6da5c9a260b0dba2511318853d0

SHA512
bf204d050a6a2b928cc7deeb200b8e07dbb75ef8781ef708e34b245c3e45655e15f82ebe320a673d3cfba622a86da494e96d268db9252b3b884e6fb15546ce84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
397e10156284f838a6af8a3ffd27b6f2

SHA1
248af54aed1443bca5c9b9bfb390aaf2274c5be0

SHA256
b2454cc11caf7ab4d0a3c3ff7ffedea7f26bf8ed8285e0c723fa236438041471

SHA512
f1d1f0258ca029768aff8ff96669818ba89736947618c98ecd23655b8fdf51675e17d7f772831105a9739216191022c060d026411eae6deb2fa0e5ab9afd057a

Download Submit
\??\pipe\crashpad_3532_GGMYMIEPAJKXRHWR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads