hxxps://hs-21113418[.]f[.]hubspotemail[.]net/hub/21113418/hubfs/Imported

Analysis

max time kernel
28s
max time network
29s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 17:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hs-21113418.f.hubspotemail.net/hub/21113418/hubfs/Imported

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662309120519658"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe

Suspicious use of AdjustPrivilegeToken 56 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe
Token: SeShutdownPrivilege	2120	chrome.exe
Token: SeCreatePagefilePrivilege	2120	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe
2120	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2896	2120	chrome.exe	84
PID 2120 wrote to memory of 2896	2120	chrome.exe	84
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 1808	2120	chrome.exe	85
PID 2120 wrote to memory of 3540	2120	chrome.exe	86
PID 2120 wrote to memory of 3540	2120	chrome.exe	86
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87
PID 2120 wrote to memory of 2336	2120	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://hs-21113418.f.hubspotemail.net/hub/21113418/hubfs/Imported
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffea4b3cc40,0x7ffea4b3cc4c,0x7ffea4b3cc58
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,4256197642223383541,15877470901663506784,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,4256197642223383541,15877470901663506784,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,4256197642223383541,15877470901663506784,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2264 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,4256197642223383541,15877470901663506784,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,4256197642223383541,15877470901663506784,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4544,i,4256197642223383541,15877470901663506784,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  PID:2496

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3240

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\704ed998-3b41-4360-9a5f-a69c0dbe86cd.tmp

Filesize
181KB

MD5
0a1f1298347fa63fa1de0a230f1c8c73

SHA1
bfe9528d707dd1f3922de38fac70fe28844a2e75

SHA256
15418681f2acd8b2ed94ca0dbb95a4658052eb1a211432668c9c07e55feeacd5

SHA512
ab0c6c86b4076cd0d086bf1bb07e984e9e69b393faca28f9da4da701066c477a4a74844e4826922ba9ab2680ad527456c1d42d1bd061ceb6bd44d52e46bbb25c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b8b30fec3fc0612f37818b7d8bafe033

SHA1
acdea17fa9a22e7e261353849586378376e720b9

SHA256
90b4f2f6b36f67dbd4fa19a98cde8db8936246aa4cebf89ee69aeab804733ebc

SHA512
ee896e1351c81d084d6aa7a3a8e73ba630d3aa6d98b487524f8aaea8e7b40d1e332c6f37e6e6671eb8ca3cfd81d376ce535fb6d0d44ee41d595dae25414ee277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34bbda77f82f38570246647ce9332bb9

SHA1
b467087400ff88c7d8a4aa97ffdf709fc8a045a4

SHA256
5b624ff0c5534eff2c6c2c2325f49a84f3f5afcee61fa230b74d84006cdebc5f

SHA512
b2b52408bba3dbf8d1cde97b8ffcf7690819821b41012ab89e06ba5f2d80ca84ebf26d83177a5d8fd51c3c1415a0384f77ab89ceef77a285f9329748529ca20c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5abd38c4726e0b5f300c9d9a29e1e91e

SHA1
8e3f7518c125c7655f676bce514c26f5e201c19c

SHA256
32f498fd2f404f8e7844b99576c54b0f3b8550a8541ed0fd53eaf5e053192ef9

SHA512
00f4ba871215300d051cdad1d8daf3585fd046c2608c236cbb43c74bf97138cd88c3c551dddcea9ac2f74833d119758dbc5b04e862eb6188f41d9cefaae22c28

Download Submit