hxxp://www[.]google[.]com

Analysis

max time kernel
18s
max time network
17s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04/07/2024, 10:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645636987685851"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1268	chrome.exe
1268	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 2604	1268	chrome.exe	73
PID 1268 wrote to memory of 2604	1268	chrome.exe	73
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2804	1268	chrome.exe	75
PID 1268 wrote to memory of 2700	1268	chrome.exe	76
PID 1268 wrote to memory of 2700	1268	chrome.exe	76
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77
PID 1268 wrote to memory of 3212	1268	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffec93f9758,0x7ffec93f9768,0x7ffec93f9778
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1836,i,18099347906837369065,16303828259616617912,131072 /prefetch:2
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1836,i,18099347906837369065,16303828259616617912,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1836,i,18099347906837369065,16303828259616617912,131072 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2652 --field-trial-handle=1836,i,18099347906837369065,16303828259616617912,131072 /prefetch:1
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2672 --field-trial-handle=1836,i,18099347906837369065,16303828259616617912,131072 /prefetch:1
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1836,i,18099347906837369065,16303828259616617912,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1836,i,18099347906837369065,16303828259616617912,131072 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3844 --field-trial-handle=1836,i,18099347906837369065,16303828259616617912,131072 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4692 --field-trial-handle=1836,i,18099347906837369065,16303828259616617912,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3332 --field-trial-handle=1836,i,18099347906837369065,16303828259616617912,131072 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2792 --field-trial-handle=1836,i,18099347906837369065,16303828259616617912,131072 /prefetch:1
  2⤵
  PID:2256

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c4b1cd0d9648d7fd4c1ad5d6f99996f8

SHA1
266d4c69122ec05ce0f7509a87334bb560661db9

SHA256
158b1c144e46dd9518bf8d1113d213e796fec690d4405949b43e886c4545fb7f

SHA512
3b5ea0677535601bc253e1819669ca234e52800bc98c4c88c74250eedad45d34006fd478165001c9a3f1c157151a322c638153a941e0c2c175c01633fdb247fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
177ecb4ffacc7b83d5174515362e6cd4

SHA1
a9ffc55fcb7075f5858053ea8b256c5e8289e2d9

SHA256
99a575ab28e2d33d619b93ed9a8d0b36ce331fdbccb3566a1248e24157366537

SHA512
69adec7cad0c7abcf868e01e8dd9852189c3e736f5c0209e4eaf5db8df1bcfc7ef506f07e8ece51126fe6881aba30597c8cb63c7f65943fd439331759240ce16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
781888a73183624cf28b576f7f12a7a4

SHA1
74ef013ed376950c36f3c6fb29a65d8b7424a0e9

SHA256
3609947ebc83a28cde03492e40b66af6a0fe0ea10a546f298fd637e18aa90525

SHA512
99323958826bc0063914fd5a1bce5f14324c2eff8dd2ea1bb1be67451689b24837965ba67d71c50ec3a27a4f51f39409e6fae67e0088f38c15bfc9aea04c8d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit