Analysis
max time kernel: 1199s
max time network: 1085s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 02/08/2024, 16:45
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win10-20240404-en
General
Target: http://google.com
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS 2 IoCs
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
  Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133671295968205804" (chrome.exe)
Suspicious behavior: EnumeratesProcesses 4 IoCs
  PID 4212 chrome.exe
  PID 4212 chrome.exe
  PID 1984 chrome.exe
  PID 1984 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  PID 4212 chrome.exe
  PID 4212 chrome.exe
  PID 4212 chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe 4212 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes

chrome.exe (PID 4212)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  chrome.exe (PID 2636, child of 4212)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe56969758,0x7ffe56969768,0x7ffe56969778

  chrome.exe (PID 1132, child of 4212)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1768,i,3534696510875395821,16806333259534159484,131072 /prefetch:2

  chrome.exe (PID 2472, child of 4212)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1768,i,3534696510875395821,16806333259534159484,131072 /prefetch:8

  chrome.exe (PID 1872, child of 4212)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2040 --field-trial-handle=1768,i,3534696510875395821,16806333259534159484,131072 /prefetch:8

  chrome.exe (PID 4040, child of 4212)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2628 --field-trial-handle=1768,i,3534696510875395821,16806333259534159484,131072 /prefetch:1

  chrome.exe (PID 4660, child of 4212)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2636 --field-trial-handle=1768,i,3534696510875395821,16806333259534159484,131072 /prefetch:1

  chrome.exe (PID 4596, child of 4212)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4360 --field-trial-handle=1768,i,3534696510875395821,16806333259534159484,131072 /prefetch:1

  chrome.exe (PID 2184, child of 4212)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1768,i,3534696510875395821,16806333259534159484,131072 /prefetch:8

  chrome.exe (PID 776, child of 4212)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1768,i,3534696510875395821,16806333259534159484,131072 /prefetch:8

  chrome.exe (PID 1984, child of 4212)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1768,i,3534696510875395821,16806333259534159484,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

elevation_service.exe (PID 2488)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads