212c00916c1969a080b1475568d3acb77da5f471e449e1a3518ec0bef3e90736

Resubmissions

05-08-2024 07:11

240805-hz14aszbrl 10

05-08-2024 07:09

05-08-2024 07:05

05-08-2024 07:04

05-08-2024 06:55

05-08-2024 06:55

05-08-2024 06:54

Analysis

max time kernel
31s
max time network
32s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 07:09

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Screenshot_20240729_011531_TikTok.jpg
Size

24KB
MD5

20bf28be2328c3fc71cc890f85c6c427
SHA1

99338e93d92c6852cb5ca9ff5dd3ef74da4543ce
SHA256

212c00916c1969a080b1475568d3acb77da5f471e449e1a3518ec0bef3e90736
SHA512

d7d1a28417abceb7689f89adbde87cacaa1298669d9a32fcf22bc1c58f6ad08e5891205f1e2782885745c15fb3b3dc037b39246189fafe911845fdd4a215d944
SSDEEP

768:sjbMqMTFiBTizxZv1gHnvwHTIjvQZ4Bs6GbPlWX2n3kh:pjTFiBTax1gHvwTI7wB6GboXe0h

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673154107690796"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid	Process
2000	chrome.exe
2000	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid	Process
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	Process
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 2000 wrote to memory of 2712	2000	chrome.exe	90
PID 2000 wrote to memory of 2712	2000	chrome.exe	90
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3308	2000	chrome.exe	91
PID 2000 wrote to memory of 3932	2000	chrome.exe	92
PID 2000 wrote to memory of 3932	2000	chrome.exe	92
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93
PID 2000 wrote to memory of 5060	2000	chrome.exe	93

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Screenshot_20240729_011531_TikTok.jpg
1⤵
PID:896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffabbfecc40,0x7ffabbfecc4c,0x7ffabbfecc58
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,17647855406474846039,16075833898038381228,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1884,i,17647855406474846039,16075833898038381228,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,17647855406474846039,16075833898038381228,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,17647855406474846039,16075833898038381228,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,17647855406474846039,16075833898038381228,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,17647855406474846039,16075833898038381228,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4828,i,17647855406474846039,16075833898038381228,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,17647855406474846039,16075833898038381228,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4008 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5096,i,17647855406474846039,16075833898038381228,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2064

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
f01f086038e8a3adea8548436bd4f1f4

SHA1
53b210e87e5bd43b804ab44d7dbd0c83cd83fa3f

SHA256
f3237c3cdf515f7f5ba3912a4ad3a86a971de9e7d0a422fe7149345be8d8986c

SHA512
0278a34a3a400d9f43571898514ebdc57039f7521e75a3ffdf10a3ad6025810c6f3c694dc31ee0734e1e6e3857ce99d5437fda40601483198a915f3a06b9eb4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8cadfb30ac8867d2e386ed3cc549839d

SHA1
bbfa42f325f385eca0dc244d59989d354bb2cd54

SHA256
26b17230c8941344d547a855cd3b6a4966bd80773229bab816dbf2b86ad86fa4

SHA512
588b3e90f43c81fff49e1585c86377a1fcbd10aa7ba3b0ca976e0db4d67886712036f3154ccbfba50249847cb73fc726b94abdcdd79256a90895fb62d398762d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
c53f8429bc1a3734fbec0a4d3eae1cb7

SHA1
be8e858b978d1af8048b202526419ca43bee80b4

SHA256
e2602745426f4f6c4fb16e665803797600f70326f3f603f8d0ca5a86bc23a69f

SHA512
007d113ac50df8030eaf05490bb382ccd2e815885e6625c09cd0cf6bcde268dc0983f9a5cfa91bc9d3a5f5039f85d68d8770f101ba714c583b52b6bd99bda53b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
b9071a57f3b2f9bc307ffd7e60459d58

SHA1
4c9f3a6bf74ecbd4d15b20ff15ec2a3fbb5f9b2f

SHA256
191394e4a5809a9ba7f26547d7b71a57dee17bcb8cac20afeb551d30a2e00532

SHA512
619ae83dd1b7f5a29a139884f2efa780c45e1889bc7347df36ece5f9c0e28340e5af37103db3f6037b14a58d6740eb0f6d9329f6ebda7b7b1475f3e4bdf99038

Download Submit
\??\pipe\crashpad_2000_ZXSCIYRLTBAXYEJB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads