9b85fb69d2828fe57a9994afa64905970a9941e809a3a3c6be8a87159f72f1c8

Analysis

max time kernel
280s
max time network
261s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
29-07-2024 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

resource/LICENSES.chromium.html
Size

8.4MB
MD5

e400cd908b8fb7c13985e2f5cc7a7044
SHA1

bbafebdf5b067a7d7da130025851eaa52ec3c9d7
SHA256

ee3b1ab8794c749673ce9bd2dd302f12d69f0a1a4adfe40a64247746cc311829
SHA512

e7ca440f0e042d7fcfa99367426bf19899a2b227c6d7b6e2c25d4f1a40113250f21ebeaaf91067d8569dfbad1415d4fe3e5626d7254722f2778497fcb22e5d6e
SSDEEP

24576:/UrV6CI675knWSgRBPyQlrUmf1C6C6y6Z6/678HqBMUpuQ:MsWKA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133667448117044058"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

456 chrome.exe
456 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

456 chrome.exe
456 chrome.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 456 wrote to memory of 436	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 436	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2484	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 636	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 636	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe
PID 456 wrote to memory of 2392	456	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\resource\LICENSES.chromium.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe4099cc40,0x7ffe4099cc4c,0x7ffe4099cc58
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1864,i,2045182220364569021,3774381833148825328,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1836,i,2045182220364569021,3774381833148825328,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,2045182220364569021,3774381833148825328,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2388 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,2045182220364569021,3774381833148825328,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,2045182220364569021,3774381833148825328,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,2045182220364569021,3774381833148825328,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:1444

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2728

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
aa6d03b2f85589857e5e238ab5ebaf09

SHA1
2a816b3cd8395766667abc404c86f6e280e7ca3a

SHA256
32b8ed4dbaf250cc60bc0021ac4927734107cec5b91224d4a0923d458671a910

SHA512
76475abbc76745742d934aabd1cf2ca88258e0571d9265b5cfc30eafbc38a55e572f4d1dc3f735f55a23e477440d6a248d7fc024d8dd42401f9ec3be6199c712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7eddef802232ffb19b94e3e1685011de

SHA1
181e5c70e4dc4e44b4a4376d1d062cafc788412e

SHA256
f8010c71d81451b1b07456f23bd3fde65f713c5d65fd37ebc00436a5b3e1983b

SHA512
ffd7dc6a505f5c64831d704648cecb8c142e41b448b94d16bed1051b84d89fd2198ddec69d4fe4d516387fbc1bda12ca04f27cc51af8bf67d6ae79d3458660d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4eadd2b21fc08bfb9ba98b88c60f801f

SHA1
71f7dc5770a0549c5e2802bf9ede4e68de48c652

SHA256
7a247d7c2fdb27a5a929be1b47a65696ca7ca3d4372301100c453d4ae9f703fb

SHA512
34e53330e10d5490b1b9a5b1fd2d350ad63b31551d9e7b9d270dffd804a835004bec173b8c5980c6ec17c02a623927f0eeb8510fa6e7543d1d3048230d99be94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e9751b38dc53a20b95674281f4383f4

SHA1
f0ad27448d69cc4635d4ac887ed4c4cf1353c96c

SHA256
b5887420fa610e78df9faf3f023ab8b3705d5118ccdd3316d9c28bfd8b7df31f

SHA512
ef0f20c83d5731556cc11896c1afc94db4a61b7f0388f64f43374bfc1894f0ecc5fcfedc0dc47bbd88cbf2a05e752089b3899daa259c068096e7c419ee6b5050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
85d1e041953cfc711068d09da2453e79

SHA1
70b7d898d16205e2f351327c0d90e514a0eb5614

SHA256
6728d2e70b0e9872906b07af5d44c7e473745125098a37c0eb8be00aa6cb8bf9

SHA512
3199cebd9db6eb4e257856032200ba88135a581fa289d73794340b0a97bfa08419e357976074a821be3e1f1d718e57e416b0703cb3e7d61e7a315a1b19d31870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
1ec065d001c0e7de1c179dfa06638bf2

SHA1
4b1c3e4fabe2a8a08fefc652998333d826a1ae52

SHA256
e6be8e8239810fdc86e0db8d675eae47510bd0ba80c1d3de4ab4b7f88b6e362d

SHA512
3cee57422483e87a82a201c664c9b627a4eab2218e32c88de63da08960546ae671fd7938060b8f5b68050b652e2452fa1bb5341251a75ad9babec840bf759c9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
3bc7842b5f4fc3c0cf330dbace36299d

SHA1
fe2cb5d6294ef80c9e256bdc16b1e62573b6fc0a

SHA256
04db01183eb9f94471908075003112e52cc30b86346eb7887c3cd7cb609b5622

SHA512
a535f1c03e4e4bcd3562144c18b7b0c97d2eeb6fbd3e02ae7ad8b06fe6a07d4e39ba3bd3aae35ccd128a995174b3725ff35ea8b533c3b48e122f76b81f1e9f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
1235684a390c2aad6ddcecf28397c7b0

SHA1
1f5a5943a4738b0f9f18a7e58b40d1feebfbd8de

SHA256
051da0d50c076cb85a3d27b1eac267670cc6378579bbc363bb37ec8e7205b624

SHA512
064854830ee47f0ed88ae2f4bcf67dfce92760d8a68a577d857099748ea1e5571e7d488d1949b8cb2b0cecdab67a8e53bfe0e4f757717c75a3b187bb59851cef

Download Submit
\??\pipe\crashpad_456_BUTPQOVACCFBCBYM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit