696b1374d09d838db465b4eaaaa34ce105eaf91c4198ca2d77e2519464a9b9dd

Analysis

max time kernel
31s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 18:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

199KB
MD5

fd39e42caaff01b6ffe3aa283f01a628
SHA1

ec3fa9e1b43545710298d8a9ba87e22549aacd25
SHA256

696b1374d09d838db465b4eaaaa34ce105eaf91c4198ca2d77e2519464a9b9dd
SHA512

ca8c390e8f9ea7f37a5d377655f7b85a0512d1289de043a5bc591b2164461c78763087a95055a01e11f91140c269def836ac6fe14404c42319fc2d5553677e06
SSDEEP

6144:qg3eSE/N07yCSoTsV1x7ecvNmm7449LiiY6:0jd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645054528025660"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1876	chrome.exe
1876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeCreatePagefilePrivilege	1876	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 2748	1876	chrome.exe	81
PID 1876 wrote to memory of 2748	1876	chrome.exe	81
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 4428	1876	chrome.exe	82
PID 1876 wrote to memory of 664	1876	chrome.exe	83
PID 1876 wrote to memory of 664	1876	chrome.exe	83
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84
PID 1876 wrote to memory of 3664	1876	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff86b2ab58,0x7fff86b2ab68,0x7fff86b2ab78
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1960,i,16473478155848913573,16360803233678277401,131072 /prefetch:2
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1960,i,16473478155848913573,16360803233678277401,131072 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2132 --field-trial-handle=1960,i,16473478155848913573,16360803233678277401,131072 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1960,i,16473478155848913573,16360803233678277401,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1960,i,16473478155848913573,16360803233678277401,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1960,i,16473478155848913573,16360803233678277401,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4408 --field-trial-handle=1960,i,16473478155848913573,16360803233678277401,131072 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1960,i,16473478155848913573,16360803233678277401,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1960,i,16473478155848913573,16360803233678277401,131072 /prefetch:8
  2⤵
  PID:1240

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
3221693392b1ee732d13a2eb4b7d882f

SHA1
5d9a85adbbca61cd01542065c6d162924f91965a

SHA256
f4b3a01ab0abf0c3e9ab17b7b18003a126a7dbbe99c5515c0bc89e496b01eb56

SHA512
02bfcaa8ee2c037d1507c8404d742f936d6c6bffc2a762ddd2c2b6b24d97a6603694aec8007d3977ed993a391639e5a5906e999527e02d50ff15881a65184c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1fc29662b699b66f81ab8579484d2f57

SHA1
4eb303945bd2b84b9e7af384a68e000b32047113

SHA256
60bffc86015cb1400e73619276f7cfaefe7f0592d7922a0f288a83c6aac8c37e

SHA512
b50cf5c37f9d793314c9e0fecc0312ff08f85af8673061248dd15539193456679e129ed03ad60823546f1e6fafe02804d6b95d5a030b1dc0858d31087852b3ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cb5599b1186fd96012e097db8217605f

SHA1
5aa3108549cafbdac5a66d7c23fe225c4f5abd1c

SHA256
5ae55f19165c4d39fbaa2af5a8b58bfc8e1b268591c850c79ab8cd9c6ef692e6

SHA512
65e74ffb8a4783689a26e2c27fa5068ca276ceaf38f6cc981915758e6e0312873127a560561385aa0ee94854d298133f74267f7484e6c5ecccbd601fe5797b89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe574c4b.TMP

Filesize
120B

MD5
4655801dc771d486925d0c5ed764d032

SHA1
4199f2f065873b56483205d9d07f20f227294f75

SHA256
09e43fa1a3158aa5febeb09784cf1a85df3642bc48fe4a12f753964e4f6d3b48

SHA512
421462202b3a148703fa5b78ae18aa6f8501f767a3411b9b483f9a7e7b6bc4e8300c0979cbb24cf60cb58f4b869bd3723a021b70e1273694c9c222b2f7818fbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
3061e3cca15d2777d95395e8986bc034

SHA1
c1534a77ced9d485ce9c1bb3c40701ff3d2374bc

SHA256
5ad59fef4b53262c71fc5fe723df438f501077c9cd985a03654878c8f8017c2c

SHA512
88842b9f87e006a8e0f2c0884b6d1672c98de959c863ea0a930923be592d68892ef0b363c1493a4ab6f641ff72163509872157dd4e781a90c88758b67058758f

Download Submit