Analysis

max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-07-2024 11:34
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.surveymonkey.com/mp/legal/privacy/
Resource: win10v2004-20240709-en

General

Target: https://www.surveymonkey.com/mp/legal/privacy/
Malware Config

Signatures
Drops file in System32 directory (2 IoCs)
description   ioc                                                                                                  Process
File created  C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF       chrome.exe
File created  \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF   chrome.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (1 IoC)
description  ioc                                                                  Process
Key created  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  chrome.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid   Process
2864  chrome.exe
2864  chrome.exe
1824  chrome.exe
1824  chrome.exe
1824  chrome.exe
1824  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process
2864  chrome.exe
2864  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Token: SeShutdownPrivilege        2864  chrome.exe
Token: SeCreatePagefilePrivilege  2864  chrome.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
2864  chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid   Process     procid_target
PID 2864 wrote to memory of 3436   2864  chrome.exe  82
PID 2864 wrote to memory of 3436   2864  chrome.exe  82
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3960   2864  chrome.exe  83
PID 2864 wrote to memory of 3656   2864  chrome.exe  84
PID 2864 wrote to memory of 3656   2864  chrome.exe  84
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
PID 2864 wrote to memory of 3524   2864  chrome.exe  85
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.surveymonkey.com/mp/legal/privacy/
PID: 2864
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff98a79cc40,0x7ff98a79cc4c,0x7ff98a79cc58
    PID: 3436

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,9083205473296822813,11187578754889286853,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1964 /prefetch:2
    PID: 3960

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,9083205473296822813,11187578754889286853,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2016 /prefetch:3
    PID: 3656

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,9083205473296822813,11187578754889286853,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2236 /prefetch:8
    PID: 3524

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,9083205473296822813,11187578754889286853,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3152 /prefetch:1
    PID: 4528

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,9083205473296822813,11187578754889286853,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3184 /prefetch:1
    PID: 2744

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,9083205473296822813,11187578754889286853,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4832 /prefetch:8
    PID: 2132

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4332,i,9083205473296822813,11187578754889286853,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4660 /prefetch:8
    PID: 1824
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
PID: 2764

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
PID: 4552
Network
MITRE ATT&CK Enterprise v15
Downloads