7bb4be9184710e7d3067ce155a3f8e37c248bdf649906ea40af66a324ace61a4

Resubmissions

23-07-2024 23:56

240723-3zb5dszajg 3

Analysis

max time kernel
119s
max time network
84s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23-07-2024 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

o+dXbsug.html
Size

203B
MD5

a368ebdb8002fbb3142e16bc34b326d8
SHA1

e727c702fb6be3cbefa0b0847717b2334ce9b8fd
SHA256

7bb4be9184710e7d3067ce155a3f8e37c248bdf649906ea40af66a324ace61a4
SHA512

2550b4b0040f566d106e24e8180de41225feda5b82c68a31bc7dbcf422b6751cc1701cd3f1cc51a7ffdbd57fdcdccabf1f3b6444afda681221f8e6f734c40dad

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662528307907735"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 1240	4104	chrome.exe	73
PID 4104 wrote to memory of 1240	4104	chrome.exe	73
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 1420	4104	chrome.exe	75
PID 4104 wrote to memory of 2956	4104	chrome.exe	76
PID 4104 wrote to memory of 2956	4104	chrome.exe	76
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77
PID 4104 wrote to memory of 3372	4104	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\o+dXbsug.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff4a809758,0x7fff4a809768,0x7fff4a809778
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1800,i,2831716351498362359,14323691868384531424,131072 /prefetch:2
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1800,i,2831716351498362359,14323691868384531424,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1800,i,2831716351498362359,14323691868384531424,131072 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1800,i,2831716351498362359,14323691868384531424,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1800,i,2831716351498362359,14323691868384531424,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 --field-trial-handle=1800,i,2831716351498362359,14323691868384531424,131072 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 --field-trial-handle=1800,i,2831716351498362359,14323691868384531424,131072 /prefetch:8
  2⤵
  PID:5000

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c79c03d985d70e65a05684e9825cc0ac

SHA1
e47aa699c80686a906c0c0252f81b39a5d12d7ea

SHA256
73b147db7f8a6eec3bf6650b3ea70b87c6ce5f6a75165a10995f5c3304686826

SHA512
878e5785deb48017846f710f88dc1d2824b6ad12d3294e67886eb77f023b12a1f206666f227cfa8f58e5eabacf1c0b24234baacae17cfdb87c2b4fb1b32753ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dbb32aaea1b6134c81ed9551b4cf3dc0

SHA1
5a5bd3fdb317a55743139cd1041f2162f4ef64a6

SHA256
de60e27eef4b3e3e05c06e85425b84df955deac12c5cb06df2133a5a6b15a274

SHA512
3744d89676304110c9fc8a9f0c2e9849da063c6801b4a8265eec2c1fb38818e540f569539cdead718180bd6edcec38d473b415c175b80ff6100b5c7e8d87940d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e96c222d64ea614e350ac8c48066063e

SHA1
784407023a8d603aebd1a09507a461fabb5c0b39

SHA256
28e257a8df456e01462b945d30617e5c2f76bb8119c248565e24ce1ad78dcaef

SHA512
20ca0581f2fd6137fbdbb785003fed11c34b8db1b1e7ba41d88cf7effe8d9f064372b2bd602ff1592b2a9f9d94d075848f7ced0d55aea71a49e5aa6ed6e940bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f2af51ad-424d-4d38-a018-6d8c773f763d.tmp

Filesize
136KB

MD5
5c8ffdcc8a5ace8abffec2ee198bc585

SHA1
2f65b6690b131de851937eff2ff5cb6842ec4152

SHA256
5496958d3ca522818afffcbb93a5eb1b261470ba848471c4f15f29b1521cd72d

SHA512
dcf13e83caf47d7563453ca1fab773d0d3b4fc5c31fe12af3601917a9647fa6f9296ab5f52ed42599bed958c57b5c3e26de4bd478a5727e760e8cf7e98b222c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit